* Trusted Software Vendor @ 2012-06-09 1:16 Milton Quinteros S. 2012-06-09 1:44 ` R P Herrold 0 siblings, 1 reply; 29+ messages in thread From: Milton Quinteros S. @ 2012-06-09 1:16 UTC (permalink / raw) To: cygwin Would you consider the possibility to subscribe to the Comodo Trusted Software Vendor list (http://internetsecurity.comodo.com/trustedvendor/signup.php), and sign every executable? It would be so useful for Comodo Firewall users like me and other vendor list based firewalls to trust in applications. So, in Comodo - Computer Security Policy - Trusted Software Vendors - Read from a signed executable, would be so easy to add Cygwin as a trusted software vendor and avoid to make a rule for every executable. I don't know how much is the certificate but I'm sure there is a lot of people like me to make donations. Best regards. Milton Quinteros -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Trusted Software Vendor 2012-06-09 1:16 Trusted Software Vendor Milton Quinteros S. @ 2012-06-09 1:44 ` R P Herrold 0 siblings, 0 replies; 29+ messages in thread From: R P Herrold @ 2012-06-09 1:44 UTC (permalink / raw) To: Milton Quinteros S.; +Cc: cygwin On Fri, 8 Jun 2012, Milton Quinteros S. wrote: > Would you consider the possibility to subscribe to the Comodo Trusted > Software Vendor list > (http://internetsecurity.comodo.com/trustedvendor/signup.php), and sign > every executable? > I don't know how much is the certificate but I'm sure there is a lot of > people like me to make donations. off the link: Comodo Code Signing Certificates // Comodo CA offers Code Signing certificates at the lowest prices around. http://www.instantssl.com/code-signing/index.html a bit under $100 a year But, clearly not the 'lowest price' ... https://startssl.com/ issues such to people with their Class II validation for less I assume there is some reason this is not presently done -- Russ herrold -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
[parent not found: <!&!AAAAAAAAAAAYAAAAAAAAAH3PqnIBVHtCiVMVjN0ExZLigAAAEAAAAJXIkaLIcH5Pn+g+gRSa2KoBAAAAAA==@expertise.cl>]
[parent not found: <20120608184641.GA13771@ednor.casa.cgf.cx>]
* Re: Trusted Software Vendor [not found] ` <20120608184641.GA13771@ednor.casa.cgf.cx> @ 2012-06-09 11:05 ` Václav Zeman 2012-06-09 15:57 ` Christopher Faylor 0 siblings, 1 reply; 29+ messages in thread From: Václav Zeman @ 2012-06-09 11:05 UTC (permalink / raw) To: cygwin [-- Attachment #1: Type: text/plain, Size: 677 bytes --] On 06/08/2012 08:46 PM, Christopher Faylor wrote: > On Fri, Jun 08, 2012 at 02:15:27PM -0400, Milton Quinteros S. wrote: >> Would you consider the possibility to subscribe to the Comodo Trusted >> Software Vendor list >> (http://internetsecurity.comodo.com/trustedvendor/signup.php), and sign >> every executable? >> It would be so useful for Comodo Firewall users. >> Best regards. >> >> Milton Quinteros Salas > 1) Wrong mailing list. > > 2) Do you have any idea how many executables are in the release? No. Well, that part sounds like it could be automated. Though I think such effort for one commercial product is not worth the trouble. -- VZ [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 294 bytes --] ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-09 11:05 ` Václav Zeman @ 2012-06-09 15:57 ` Christopher Faylor 2012-06-10 17:51 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-12 12:58 ` Warren Young 0 siblings, 2 replies; 29+ messages in thread From: Christopher Faylor @ 2012-06-09 15:57 UTC (permalink / raw) To: cygwin On Sat, Jun 09, 2012 at 01:04:37PM +0200, V?clav Zeman wrote: >On 06/08/2012 08:46 PM, Christopher Faylor wrote: >> On Fri, Jun 08, 2012 at 02:15:27PM -0400, Milton Quinteros S. wrote: >>>Would you consider the possibility to subscribe to the Comodo Trusted >>>Software Vendor list >>>(http://internetsecurity.comodo.com/trustedvendor/signup.php), and sign >>>every executable? It would be so useful for Comodo Firewall users. >>>Best regards. >>> >>>Milton Quinteros Salas >>1) Wrong mailing list. >> >>2) Do you have any idea how many executables are in the release? No. > >Well, that part sounds like it could be automated. I obviously know how to automate things. I also know that the Cygwin release doesn't all come from one place and package maintainers don't use just one way to produce packages. So, any automation would be complicated. You could theoretically push the burden onto cygwin.com itself but that would be a big change to the way that we do things now and I'm really not willing to burden cygwin.com with the cycles necessary to unpack tarballs at cygwin.com to sign them. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* RE: Trusted Software Vendor 2012-06-09 15:57 ` Christopher Faylor @ 2012-06-10 17:51 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-11 13:50 ` Earnie Boyd 2012-06-11 14:05 ` Andrey Repin 2012-06-12 12:58 ` Warren Young 1 sibling, 2 replies; 29+ messages in thread From: Buchbinder, Barry (NIH/NIAID) [E] @ 2012-06-10 17:51 UTC (permalink / raw) To: cygwin I have setup.exe downloaded to /usr/local/bin (and renamed to getcygwin.exe). When I launch it by hand (but not by cmd /c start), Windows tells me that the publisher could not be verified and asks whether I want to run it. This is a minor annoyance but it would be nice if it could be addressed without expense or too much bother. - Barry Disclaimer: Statements made herein are not made on behalf of NIAID. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-10 17:51 ` Buchbinder, Barry (NIH/NIAID) [E] @ 2012-06-11 13:50 ` Earnie Boyd 2012-06-11 14:05 ` Andrey Repin 1 sibling, 0 replies; 29+ messages in thread From: Earnie Boyd @ 2012-06-11 13:50 UTC (permalink / raw) To: cygwin On Sun, Jun 10, 2012 at 1:51 PM, Buchbinder, Barry (NIH/NIAID) [E] wrote: > I have setup.exe downloaded to /usr/local/bin (and renamed to > getcygwin.exe). When I launch it by hand (but not by cmd /c start), > Windows tells me that the publisher could not be verified and asks > whether I want to run it. This is a minor annoyance but it would be > nice if it could be addressed without expense or too much bother. IIRC, you can turn that annoyance off in your system if you don't want to be bothered by it. -- Earnie -- https://sites.google.com/site/earnieboyd -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-10 17:51 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-11 13:50 ` Earnie Boyd @ 2012-06-11 14:05 ` Andrey Repin 2012-06-11 14:22 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-11 14:45 ` Otto Meta 1 sibling, 2 replies; 29+ messages in thread From: Andrey Repin @ 2012-06-11 14:05 UTC (permalink / raw) To: Buchbinder, Barry (NIH/NIAID) [E], cygwin Greetings, Buchbinder, Barry (NIH/NIAID) [E]! > I have setup.exe downloaded to /usr/local/bin (and renamed to > getcygwin.exe). When I launch it by hand (but not by cmd /c start), > Windows tells me that the publisher could not be verified and asks > whether I want to run it. This is because of the file being downloaded from the web (check file streams for details). You can easily cleanup the file metadata by copying it to FAT drive (Flash disk/memory card). > This is a minor annoyance but it would be > nice if it could be addressed without expense or too much bother. I doubt it would be in foreseeable future. -- WBR, Andrey Repin (anrdaemon@freemail.ru) 11.06.2012, <18:00> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* RE: Trusted Software Vendor 2012-06-11 14:05 ` Andrey Repin @ 2012-06-11 14:22 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-11 14:45 ` Otto Meta 1 sibling, 0 replies; 29+ messages in thread From: Buchbinder, Barry (NIH/NIAID) [E] @ 2012-06-11 14:22 UTC (permalink / raw) To: cygwin Andrey Repin sent the following at Monday, June 11, 2012 10:03 AM >This is because of the file being downloaded from the web (check file >streams for details). You can easily cleanup the file metadata by >copying it to FAT drive (Flash disk/memory card). It worked! For the record, I had to delete it from /usr/local/bin before copying back from the from the memory stick; copying over the file was not enough. Thanks! (And your English is fine.) - Barry Disclaimer: Statements made herein are not made on behalf of NIAID. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-11 14:05 ` Andrey Repin 2012-06-11 14:22 ` Buchbinder, Barry (NIH/NIAID) [E] @ 2012-06-11 14:45 ` Otto Meta 2012-06-11 14:46 ` Christopher Faylor 1 sibling, 1 reply; 29+ messages in thread From: Otto Meta @ 2012-06-11 14:45 UTC (permalink / raw) To: cygwin > This is because of the file being downloaded from the web (check file streams > for details). > You can easily cleanup the file metadata by copying it to FAT drive (Flash > disk/memory card). The file stream with the "downloaded from the web" information can easily be removed with the Stream tool without any copying: http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx You can probably make a simple context menu entry as well. Otto -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-11 14:45 ` Otto Meta @ 2012-06-11 14:46 ` Christopher Faylor 2012-06-11 14:51 ` Otto Meta 0 siblings, 1 reply; 29+ messages in thread From: Christopher Faylor @ 2012-06-11 14:46 UTC (permalink / raw) To: cygwin On Mon, Jun 11, 2012 at 04:44:46PM +0200, Otto Meta wrote: >> This is because of the file being downloaded from the web (check file streams > >> for details). >> You can easily cleanup the file metadata by copying it to FAT drive (Flash >> disk/memory card). > > >The file stream with the "downloaded from the web" information can >easily be removed with the Stream tool without any copying: >http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx > >You can probably make a simple context menu entry as well. Out of curiosity would downloading setup.exe using wget also work around the problem? cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-11 14:46 ` Christopher Faylor @ 2012-06-11 14:51 ` Otto Meta 2012-06-11 14:55 ` Christopher Faylor 0 siblings, 1 reply; 29+ messages in thread From: Otto Meta @ 2012-06-11 14:51 UTC (permalink / raw) To: cygwin > Out of curiosity would downloading setup.exe using wget also work > around the problem? Most likely. I don't think wget cares about protecting Windows users from their own stupidity. If you use wget, you should know what you're doing. How about you just give it a try? Otto -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-11 14:51 ` Otto Meta @ 2012-06-11 14:55 ` Christopher Faylor 2012-06-11 15:03 ` Václav Zeman 2012-06-11 15:25 ` Buchbinder, Barry (NIH/NIAID) [E] 0 siblings, 2 replies; 29+ messages in thread From: Christopher Faylor @ 2012-06-11 14:55 UTC (permalink / raw) To: cygwin On Mon, Jun 11, 2012 at 04:51:07PM +0200, Otto Meta wrote: >cgf wrote: >> Out of curiosity would downloading setup.exe using wget also work >>around the problem? > >Most likely. I don't think wget cares about protecting Windows users >from their own stupidity. If you use wget, you should know what you're >doing. > >How about you just give it a try? Er, I don't have this problem. I wasn't the one reporting it. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-11 14:55 ` Christopher Faylor @ 2012-06-11 15:03 ` Václav Zeman 2012-06-14 18:50 ` Andrey Repin 2012-06-11 15:25 ` Buchbinder, Barry (NIH/NIAID) [E] 1 sibling, 1 reply; 29+ messages in thread From: Václav Zeman @ 2012-06-11 15:03 UTC (permalink / raw) To: cygwin On 11 June 2012 16:55, Christopher Faylor wrote: > On Mon, Jun 11, 2012 at 04:51:07PM +0200, Otto Meta wrote: >>cgf wrote: >>> Out of curiosity would downloading setup.exe using wget also work >>>around the problem? >> >>Most likely. I don't think wget cares about protecting Windows users >>from their own stupidity. If you use wget, you should know what you're >>doing. >> >>How about you just give it a try? > > Er, I don't have this problem. I wasn't the one reporting it. Downloading setup.exe with wget has another problem. The downloaded file is missing the +x bit, IIRC. -- VZ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-11 15:03 ` Václav Zeman @ 2012-06-14 18:50 ` Andrey Repin 2012-06-18 14:52 ` Corinna Vinschen 0 siblings, 1 reply; 29+ messages in thread From: Andrey Repin @ 2012-06-14 18:50 UTC (permalink / raw) To: Vaclav Zeman, cygwin Greetings, Vaclav Zeman! >>>> Out of curiosity would downloading setup.exe using wget also work >>>>around the problem? >>> >>>Most likely. I don't think wget cares about protecting Windows users >>>from their own stupidity. If you use wget, you should know what you're >>>doing. >>> >>>How about you just give it a try? >> >> Er, I don't have this problem. I wasn't the one reporting it. > Downloading setup.exe with wget has another problem. The downloaded > file is missing the +x bit, IIRC. It's irrelevant for setup.exe. -- WBR, Andrey Repin (anrdaemon@freemail.ru) 14.06.2012, <22:45> Sorry for my terrible english... ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-14 18:50 ` Andrey Repin @ 2012-06-18 14:52 ` Corinna Vinschen 2012-06-19 0:35 ` Andrey Repin 0 siblings, 1 reply; 29+ messages in thread From: Corinna Vinschen @ 2012-06-18 14:52 UTC (permalink / raw) To: cygwin On Jun 14 22:45, Andrey Repin wrote: > Greetings, Vaclav Zeman! > > >>>> Out of curiosity would downloading setup.exe using wget also work > >>>>around the problem? > >>> > >>>Most likely. Â I don't think wget cares about protecting Windows users > >>>from their own stupidity. Â If you use wget, you should know what you're > >>>doing. > >>> > >>>How about you just give it a try? > >> > >> Er, I don't have this problem. Â I wasn't the one reporting it. > > Downloading setup.exe with wget has another problem. The downloaded > > file is missing the +x bit, IIRC. > > It's irrelevant for setup.exe. It's not. Try to start any executable on a NTFS filesystem. Remove the executable bits from all entries in the ACL. Try again. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-18 14:52 ` Corinna Vinschen @ 2012-06-19 0:35 ` Andrey Repin 2012-06-19 7:17 ` Corinna Vinschen 0 siblings, 1 reply; 29+ messages in thread From: Andrey Repin @ 2012-06-19 0:35 UTC (permalink / raw) To: Corinna Vinschen Greetings, Corinna Vinschen! >> >>>> Out of curiosity would downloading setup.exe using wget also work >> >>>>around the problem? >> >>> >> >>>Most likely. I don't think wget cares about protecting Windows users >> >>>from their own stupidity. If you use wget, you should know what you're >> >>>doing. >> >>> >> >>>How about you just give it a try? >> >> >> >> Er, I don't have this problem. I wasn't the one reporting it. >> > Downloading setup.exe with wget has another problem. The downloaded >> > file is missing the +x bit, IIRC. >> >> It's irrelevant for setup.exe. > It's not. Try to start any executable on a NTFS filesystem. Remove > the executable bits from all entries in the ACL. Try again. Sure that will cause issues, but read quote from the start. If you download setup.exe using wget, it's unlikely you'll be unable to run it. You need to do some real tinkering first to prevent that. -- WBR, Andrey Repin (anrdaemon@freemail.ru) 19.06.2012, <04:24> Sorry for my terrible english... ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-19 0:35 ` Andrey Repin @ 2012-06-19 7:17 ` Corinna Vinschen 0 siblings, 0 replies; 29+ messages in thread From: Corinna Vinschen @ 2012-06-19 7:17 UTC (permalink / raw) To: cygwin On Jun 19 04:25, Andrey Repin wrote: > Greetings, Corinna Vinschen! > > >> >>>> Out of curiosity would downloading setup.exe using wget also work > >> >>>>around the problem? > >> >>> > >> >>>Most likely. Â I don't think wget cares about protecting Windows users > >> >>>from their own stupidity. Â If you use wget, you should know what you're > >> >>>doing. > >> >>> > >> >>>How about you just give it a try? > >> >> > >> >> Er, I don't have this problem. Â I wasn't the one reporting it. > >> > Downloading setup.exe with wget has another problem. The downloaded > >> > file is missing the +x bit, IIRC. > >> > >> It's irrelevant for setup.exe. > > > It's not. Try to start any executable on a NTFS filesystem. Remove > > the executable bits from all entries in the ACL. Try again. > > Sure that will cause issues, but read quote from the start. > If you download setup.exe using wget, it's unlikely you'll be unable to run > it. > You need to do some real tinkering first to prevent that. I was solely referring to the common misconception that the execute bit has no meaning for Windows excecutables. Some people even think the execute bit is just faked by Cygwin(*). I can't let this go without commenting on it. Corinna (*) which it is, but only on filesystems which don't support permissions at all, like FAT/FAT32. -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* RE: Trusted Software Vendor 2012-06-11 14:55 ` Christopher Faylor 2012-06-11 15:03 ` Václav Zeman @ 2012-06-11 15:25 ` Buchbinder, Barry (NIH/NIAID) [E] 1 sibling, 0 replies; 29+ messages in thread From: Buchbinder, Barry (NIH/NIAID) [E] @ 2012-06-11 15:25 UTC (permalink / raw) To: cygwin Christopher Faylor sent the following at Monday, June 11, 2012 10:56 AM >On Mon, Jun 11, 2012 at 04:51:07PM +0200, Otto Meta wrote: >>cgf wrote: >>> Out of curiosity would downloading setup.exe using wget also work >>>around the problem? >> >>Most likely. I don't think wget cares about protecting Windows users >>from their own stupidity. If you use wget, you should know what you're >>doing. >> >>How about you just give it a try? > >Er, I don't have this problem. I wasn't the one reporting it. Since I reported it. I used curl and didn't have the problem. curl -R -o getcygwin.exe http://cygwin.com/setup.exe Also, the x bit was set. -rwxr-xr-x 1 705053 2012-04-29 02:27:44 getcygwin.exe Two solutions! Is this a great list or what! Thanks to all. - Barry Disclaimer: Statements made herein are not made on behalf of NIAID. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-09 15:57 ` Christopher Faylor 2012-06-10 17:51 ` Buchbinder, Barry (NIH/NIAID) [E] @ 2012-06-12 12:58 ` Warren Young 2012-06-12 13:16 ` Christopher Faylor 1 sibling, 1 reply; 29+ messages in thread From: Warren Young @ 2012-06-12 12:58 UTC (permalink / raw) To: cygwin On 6/9/2012 9:57 AM, Christopher Faylor wrote: > >and I'm really > not willing to burden cygwin.com with the cycles necessary to unpack > tarballs at cygwin.com to sign them. Based on the traffic I see to cygwin-apps, my sense is that this would amount to single-digit CPU-minutes per day, once you get through the initial conversion. That can be nice'd to the point that it takes a month; this doesn't have to be a Big Bang conversion. I think a much bigger problem is getting a Linux toolchain set up on the main package repo server that can sign these executables. My Google-fu says the GNU tools have no idea how to do this today. Then someone has to spend at least a few hours writing and testing the script to do all this. It might take a person-day. Red Hat might not have to buy a code signing cert for this. They might already have one that will work: http://goo.gl/5Hm3C -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 12:58 ` Warren Young @ 2012-06-12 13:16 ` Christopher Faylor 2012-06-12 14:47 ` James Johnston 0 siblings, 1 reply; 29+ messages in thread From: Christopher Faylor @ 2012-06-12 13:16 UTC (permalink / raw) To: cygwin On Tue, Jun 12, 2012 at 06:57:45AM -0600, Warren Young wrote: >On 6/9/2012 9:57 AM, Christopher Faylor wrote: >>and I'm really not willing to burden cygwin.com with the cycles >>necessary to unpack tarballs at cygwin.com to sign them. > >Based on the traffic I see to cygwin-apps, my sense is that this would >amount to single-digit CPU-minutes per day, once you get through the >initial conversion. That can be nice'd to the point that it takes a >month; this doesn't have to be a Big Bang conversion. > >I think a much bigger problem is getting a Linux toolchain set up on >the main package repo server that can sign these executables. My >Google-fu says the GNU tools have no idea how to do this today. > >Then someone has to spend at least a few hours writing and testing the >script to do all this. It might take a person-day. If you are working under the misapprehension that I don't understand what's required to get this to work, I can assure you that you're wrong. >Red Hat might not have to buy a code signing cert for this. They might >already have one that will work: http://goo.gl/5Hm3C The Cygwin project is not Red Hat. It wouldn't be "Red Hat" buying anything. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* RE: Trusted Software Vendor 2012-06-12 13:16 ` Christopher Faylor @ 2012-06-12 14:47 ` James Johnston 2012-06-12 14:50 ` Nick Lowe 2012-06-12 15:11 ` Earnie Boyd 0 siblings, 2 replies; 29+ messages in thread From: James Johnston @ 2012-06-12 14:47 UTC (permalink / raw) To: cygwin > >Red Hat might not have to buy a code signing cert for this. They might > >already have one that will work: http://goo.gl/5Hm3C > > The Cygwin project is not Red Hat. It wouldn't be "Red Hat" buying anything. What is the Cygwin project then? I honestly thought it was a Red Hat project... I.e. I've thought of it as a "Linux" distribution from Red Hat, with Corinna Vinschen being a senior Red Hat engineer, according to your FAQ. Wikipedia says that you yourself used to work for Red Hat. Bottom of Cygwin.com: "The Cygwin DLL and utilities are Copyright C <snip> 2012 Red Hat, Inc. Other packages have other copyrights." Also Wikipedia says that the project was started by Cygnus Solutions which was then merged with Red Hat back in 2000. It is logical to assume that if the copyright is owned by Red Hat and some contributor(s) are Red Hat employees, then the Cygwin project would have some level of access to Red Hat resources. If Cygwin isn't owned/run by Red Hat as you seem to indicate, why do they seem to have their fingers in everything? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 14:47 ` James Johnston @ 2012-06-12 14:50 ` Nick Lowe 2012-06-12 15:11 ` Earnie Boyd 1 sibling, 0 replies; 29+ messages in thread From: Nick Lowe @ 2012-06-12 14:50 UTC (permalink / raw) To: cygwin To me, the key question is: Would Red Hat have an objection in principle to signing Cygwin and its packages given the history and ties. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 14:47 ` James Johnston 2012-06-12 14:50 ` Nick Lowe @ 2012-06-12 15:11 ` Earnie Boyd 2012-06-12 15:13 ` Nick Lowe 2012-06-12 17:08 ` Roger K. Wells 1 sibling, 2 replies; 29+ messages in thread From: Earnie Boyd @ 2012-06-12 15:11 UTC (permalink / raw) To: cygwin On Tue, Jun 12, 2012 at 10:46 AM, James Johnston wrote: > Wikipedia says that ... Wikipedia isn't the keeper of the information relevant to Cygwin. You can only find the truth at cygwin.com. Besides, companies do support open source projects by providing man hours to it. It doesn't mean that the company providing those hours has any other right to it than you or I do. Cygwin is a separate entity from Red Hat. -- Earnie -- https://sites.google.com/site/earnieboyd -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 15:11 ` Earnie Boyd @ 2012-06-12 15:13 ` Nick Lowe 2012-06-12 15:31 ` Christopher Faylor 2012-06-12 15:32 ` Eric Blake 2012-06-12 17:08 ` Roger K. Wells 1 sibling, 2 replies; 29+ messages in thread From: Nick Lowe @ 2012-06-12 15:13 UTC (permalink / raw) To: cygwin http://cygwin.com/ "The Cygwin DLL and utilities are Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Red Hat, Inc" > Wikipedia isn't the keeper of the information relevant to Cygwin. You > can only find the truth at cygwin.com. Besides, companies do support > open source projects by providing man hours to it. It doesn't mean > that the company providing those hours has any other right to it than > you or I do. Cygwin is a separate entity from Red Hat. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 15:13 ` Nick Lowe @ 2012-06-12 15:31 ` Christopher Faylor 2012-06-12 15:32 ` Eric Blake 1 sibling, 0 replies; 29+ messages in thread From: Christopher Faylor @ 2012-06-12 15:31 UTC (permalink / raw) To: cygwin On Tue, Jun 12, 2012 at 04:12:58PM +0100, Nick Lowe wrote: >http://cygwin.com/ > >"The Cygwin DLL and utilities are Copyright ? 2000, 2001, 2002, 2003, >2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Red Hat, Inc" The version of Cygwin supported at cygwin.com is a GPL-based free software project. Red Hat owns the code. Corinna works for Red Hat and can represent Red Hat's interests in the project but Red Hat does not run the project. They have their own release of Cygwin which is separate from the net release and which, in many cases, is not released under the GPL. Besides Corinna, AFAIK, there is one other active person on this project who works for Red Hat. Their Red Hat job does not involve working on Cygwin. sourceware.org, cygwin.com's home, is a system which was generously donated by Red Hat. It is maintained by three people, one of whom works at Red Hat. Like me, he maintains the site in his free time. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 15:13 ` Nick Lowe 2012-06-12 15:31 ` Christopher Faylor @ 2012-06-12 15:32 ` Eric Blake 2012-06-12 17:07 ` Christopher Faylor 1 sibling, 1 reply; 29+ messages in thread From: Eric Blake @ 2012-06-12 15:32 UTC (permalink / raw) To: cygwin [-- Attachment #1: Type: text/plain, Size: 1136 bytes --] On 06/12/2012 09:12 AM, Nick Lowe wrote: > http://cygwin.com/ > > "The Cygwin DLL and utilities are Copyright © 2000, 2001, 2002, 2003, > 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Red Hat, Inc" Yes, that's true for the cygwin1.dll. But it's not all the executables available from cygwin.com. Even among the packages I help maintain (on my own time, and not on Red Hat's time, I might add), ls.exe is copyright FSF; diffstat.exe is copyright Thomas E. Dickey; git.exe is copyright by many different individuals; etc., and none of these are owned or run by Red Hat. That is, Red Hat cannot make blanket operations on executables, just because cygwin.com ships them, because Red Hat is not the copyright holder on the majority of the binaries bundled in the cygwin distribution, nor even the entity that compiled the binaries in the first place. Most of what you get from cygwin is the effort of individual contributors, while only a few things like cygwin1.dll are directly owned by Red Hat. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 620 bytes --] ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 15:32 ` Eric Blake @ 2012-06-12 17:07 ` Christopher Faylor 0 siblings, 0 replies; 29+ messages in thread From: Christopher Faylor @ 2012-06-12 17:07 UTC (permalink / raw) To: cygwin On Tue, Jun 12, 2012 at 09:32:00AM -0600, Eric Blake wrote: >On 06/12/2012 09:12 AM, Nick Lowe wrote: >> http://cygwin.com/ >> >> "The Cygwin DLL and utilities are Copyright ? 2000, 2001, 2002, 2003, >> 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Red Hat, Inc" > >Yes, that's true for the cygwin1.dll. But it's not all the executables >available from cygwin.com. Even among the packages I help maintain (on >my own time, and not on Red Hat's time, I might add), ls.exe is >copyright FSF; diffstat.exe is copyright Thomas E. Dickey; git.exe is >copyright by many different individuals; etc., and none of these are >owned or run by Red Hat. That is, Red Hat cannot make blanket >operations on executables, just because cygwin.com ships them, because >Red Hat is not the copyright holder on the majority of the binaries >bundled in the cygwin distribution, nor even the entity that compiled >the binaries in the first place. Most of what you get from cygwin is >the effort of individual contributors, while only a few things like >cygwin1.dll are directly owned by Red Hat. Thanks, Eric, for an important clarification. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 15:11 ` Earnie Boyd 2012-06-12 15:13 ` Nick Lowe @ 2012-06-12 17:08 ` Roger K. Wells 2012-06-12 17:24 ` marco atzeri 1 sibling, 1 reply; 29+ messages in thread From: Roger K. Wells @ 2012-06-12 17:08 UTC (permalink / raw) To: cygwin On 06/12/2012 11:10 AM, Earnie Boyd wrote: > On Tue, Jun 12, 2012 at 10:46 AM, James Johnston wrote: >> Wikipedia says that ... > Wikipedia isn't the keeper of the information relevant to Cygwin. You > can only find the truth at cygwin.com. Besides, companies do support > open source projects by providing man hours to it. It doesn't mean > that the company providing those hours has any other right to it than > you or I do. Cygwin is a separate entity from Red Hat. What's this then? http://www.redhat.com/software/cygwin/ a link on: http://cygwin.com/ If they are a separate entity this will certainly mislead some of us.... > -- Roger Wells, P.E. SAIC 221 Third St Newport, RI 02840 401-847-4210 (voice) 401-849-1585 (fax) roger.k.wells@saic.com -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: Trusted Software Vendor 2012-06-12 17:08 ` Roger K. Wells @ 2012-06-12 17:24 ` marco atzeri 0 siblings, 0 replies; 29+ messages in thread From: marco atzeri @ 2012-06-12 17:24 UTC (permalink / raw) To: cygwin On 6/12/2012 7:08 PM, Roger K. Wells wrote: > On 06/12/2012 11:10 AM, Earnie Boyd wrote: >> On Tue, Jun 12, 2012 at 10:46 AM, James Johnston wrote: >>> Wikipedia says that ... >> Wikipedia isn't the keeper of the information relevant to Cygwin. You >> can only find the truth at cygwin.com. Besides, companies do support >> open source projects by providing man hours to it. It doesn't mean >> that the company providing those hours has any other right to it than >> you or I do. Cygwin is a separate entity from Red Hat. > What's this then? > > http://www.redhat.com/software/cygwin/ a link on: http://cygwin.com/ > > If they are a separate entity this will certainly mislead some of us.... > reporting all the sentence is more clear : "For Cygwin licensing or commercial support, please visit the Red Hat Cygwin Product site." On linux you can choose between Fedora and RHEL , here you can choose between "Cygwin" and "Redhat Cygwin" it is not so strange in the software world Marco -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 29+ messages in thread
end of thread, other threads:[~2012-06-19 7:17 UTC | newest] Thread overview: 29+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2012-06-09 1:16 Trusted Software Vendor Milton Quinteros S. 2012-06-09 1:44 ` R P Herrold [not found] <!&!AAAAAAAAAAAYAAAAAAAAAH3PqnIBVHtCiVMVjN0ExZLigAAAEAAAAJXIkaLIcH5Pn+g+gRSa2KoBAAAAAA==@expertise.cl> [not found] ` <20120608184641.GA13771@ednor.casa.cgf.cx> 2012-06-09 11:05 ` Václav Zeman 2012-06-09 15:57 ` Christopher Faylor 2012-06-10 17:51 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-11 13:50 ` Earnie Boyd 2012-06-11 14:05 ` Andrey Repin 2012-06-11 14:22 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-11 14:45 ` Otto Meta 2012-06-11 14:46 ` Christopher Faylor 2012-06-11 14:51 ` Otto Meta 2012-06-11 14:55 ` Christopher Faylor 2012-06-11 15:03 ` Václav Zeman 2012-06-14 18:50 ` Andrey Repin 2012-06-18 14:52 ` Corinna Vinschen 2012-06-19 0:35 ` Andrey Repin 2012-06-19 7:17 ` Corinna Vinschen 2012-06-11 15:25 ` Buchbinder, Barry (NIH/NIAID) [E] 2012-06-12 12:58 ` Warren Young 2012-06-12 13:16 ` Christopher Faylor 2012-06-12 14:47 ` James Johnston 2012-06-12 14:50 ` Nick Lowe 2012-06-12 15:11 ` Earnie Boyd 2012-06-12 15:13 ` Nick Lowe 2012-06-12 15:31 ` Christopher Faylor 2012-06-12 15:32 ` Eric Blake 2012-06-12 17:07 ` Christopher Faylor 2012-06-12 17:08 ` Roger K. Wells 2012-06-12 17:24 ` marco atzeri
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).