| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:subject:to:references:from:message-id:date | |
| :mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=TbIiBIgWzoYVtRbf | |
| h/qdQkmsKxgN8hxSEBVM4Gv20qBx49mUrTpJgQGi6GqN2LAQTTEcMuuAzwkJipm1 | |
| kPK70ySNVKUpwnZheGzZybMPbU6ipJf2Vcg7GKs30zLz8KVELUMTU5TlbIJJThpj | |
| NWV9J+rUQ+r/4U1nznhl9l8R3rQ= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:subject:to:references:from:message-id:date | |
| :mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=jI3kQlqaTPmTqDJ9UCrMFJ | |
| hkZcI=; b=xlrQyzPoD6MYS10Vj+HRLJr65hJlcrbJAy7GGkq5QZgX+SECsRtPpu | |
| bVFFZd/3VvvhzEj7F7s4s+/LDYZFCCTTjrsYrZ57ZcUPRQZuIs0X7RWI+8Spl93p | |
| dYXekh2CBr5ZwwIuEe1ONR4PZ9hoaxtn2/QLdEI+SBpihFARGdzRc= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | No, score=-1.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 spammy=pale, H*UA:6.1, H*u:6.1, enter |
| X-HELO: | m0.truegem.net |
| Subject: | Re: SSL not required for setup.exe download |
| To: | cygwin AT cygwin DOT com |
| References: | <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ AT mail DOT gmail DOT com> <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a AT Shaw DOT ca> <CANSoFxtA0vnF1adx4rwyjuMasrVAOGb8hT_Uct-wSdcazj252w AT mail DOT gmail DOT com> <41f12842-ea43-ff63-a660-26ee3b497c63 AT SystematicSw DOT ab DOT ca> |
| From: | Mark Geisert <mark AT maxrnd DOT com> |
| Message-ID: | <3132c0de-2689-a270-b996-d309017ca815@maxrnd.com> |
| Date: | Sun, 10 Mar 2019 22:16:07 -0700 |
| User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <41f12842-ea43-ff63-a660-26ee3b497c63@SystematicSw.ab.ca> |
Brian Inglis wrote: > On 2019-03-10 10:40, Archie Cobbs wrote: [...] >> In any case, the problem I'm talking about is trivial to verify. Just >> start up Chrome or Firefox and enter http://www.cygwin.com. You can >> then confirm that (a) the page you are looking at has an http:// URL, >> and (b) the link to setup.exe also has an http:// URL. Therefore, >> there is no real security in this scenario. > > I only get to see https://www.cygwin.com/ YMMV FWIW, I can reproduce the OP's STC using Chrome, Firefox, and Pale Moon. Not sure why it happens for some folks but not others. But since it does exist for some users, should it be dealt with? ..mark -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |