X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=gU09LEF+d1fhZ48cZ/p/6wTzXRtHJcFs8XiNvh53gcA
	VFPS63gtFF8T+98Z6Kd7fdJ9R8ENzZbkFBXqo6yvdXfHUD175O3NxVbpeMqkhkGJ
	/mWFjysZBp4Mrdol0yJckYs2Q4lP/B5RmgVboa0TVjVdzgKpOZaESmfoQ4XbbIOA
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=61pfL7wbl9qUPW/m4h3agMQ+VhA=; b=UaUNkdJhpGVFMZacz
	LefK8wnWZpvTnagcCetvvAfhzkT9TcKfY+YTh7TCCNWrqTFYoHDzAesNGqvCRBY+
	A6BXxkLyFxWCmOfJznqWzcpEs/40vwX0KSRAdkEdWy//gCtANQo/0nBmsoMPw1fD
	4jLBG+nNhTjGVZpcy5IEyd5ehM=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.1 spammy=paying, encrypted, breeding, backing
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <5C865EE2.7040206@tlinx.org>
Date: Mon, 11 Mar 2019 06:13:06 -0700
From: L A Walsh <cygwin AT tlinx DOT org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: SSL should not be required for setup.exe download
References: <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ AT mail DOT gmail DOT com> <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a AT Shaw DOT ca> <CANSoFxtA0vnF1adx4rwyjuMasrVAOGb8hT_Uct-wSdcazj252w AT mail DOT gmail DOT com> <41f12842-ea43-ff63-a660-26ee3b497c63 AT SystematicSw DOT ab DOT ca> <3132c0de-2689-a270-b996-d309017ca815 AT maxrnd DOT com>
In-Reply-To: <3132c0de-2689-a270-b996-d309017ca815@maxrnd.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 3/10/2019 10:16 PM, Mark Geisert wrote:
> FWIW, I can reproduce the OP's STC using Chrome, Firefox, and Pale Moon.  Not 
> sure why it happens for some folks but not others.  But since it does exist for 
> some users, should it be dealt with?
>   
---
    Probably: https should be disabled on the site, then no one who has
used hsts will be able to access the site.  If https goes down for
some reason, anyone running hsts won't be able to access the site unless
they figure out to how to reset their browser.

    Only people who are using https would have hsts enabled.  If someone
only uses http, or is a browser that doesn't accept it or disables
it (for a few years I used a browser setting to disable it) because
I like knowing when google is being notified.  Unfortunately, now,
they are getting my email cuz I had to find a new provider on relative
short notice.  I didn't realize that they delete your incoming list
email if they thing you got it directly --  which messes up reading
messages in context on a list.

    They also delete incoming list email that you *sent* from
a google account because, they will tell you, that you can go find
the message in your 'Sent' email (unless you deleted it, in which
case its your own fault).  As it is, I'm finding emails going
missing because they though it came through to me, but for whatever
reason may have been filed in another, unrelated email box that
was also Cc'd.

    Google is irresponsible and has a history of creating changes then
backing them out or getting people on products/forums then killing
those products/tools.  If you ever noticed...nearly everything from
them is in "Beta".  A few years ago, google added 'fonts for the web' --
another enticement for web-owners to tell your browser to contact google.
Of course if the text is encrypted because of HSTS, you won't see it
before it has connected. 

Normally I haven't been worried about most of goog's changes but
when they started deleting email that they think I should have another
copy of -- that was unacceptable.  They misrepresented their email
service (that I'm paying for) as able to pass through unfiltered
email.  Such is not the case.  Not only that, but they add about 5-6K
to every message that comes through.  I used to have mail <1K: not
anymore.

As cygwin stands now, only those who choose https, will get it.  Yet
still people are complaining because everyone isn't forced to do the
same.  That is the attitude google and other social echo-chambers
are breeding and cultivating.

I find it anything but innocuous.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple