Date: Tue, 13 Dec 2016 08:30:00 -0000
From: Corinna Vinschen
To: cygwin-apps@cygwin.com
Subject: Re: [PATCH setup 4/4] Codesign setup.exe (DO NOT APPLY)
Message-ID: <20161213083038.GE3705@calimero.vinschen.de>
In-Reply-To: <87shptass0.fsf@Rainer.invalid>

On Dec 12 19:47, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> 2/ The signature should be timestamped, so that it remains valid after the
> >> signing key expires, but I assume you have to use the timestamp service of
> >> the CA that signed the key.
> >
> > Not necessarily. We can work around that by getting a new key and
> > release a new setup.
>
> That wouldn't do any good for folks trying to use an old setup version
> or am I missing something?

They would get two messages, "Sig has expired" and "there's a new
version of setup". Isn't that sufficient?

Corinna

> In the meantime, we could provide a detached signature with the cygwin
> key, just like we do for setup.ini?

We already do. You can download setup-x86.exe.sig and setup-x86_64.exe.sig
from https://cygwin.com/

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat