Re: SSL not required for setup.exe download
On 2019-03-10 21:53, Archie Cobbs wrote:
> On Sun, Mar 10, 2019 at 6:20 PM L A Walsh <cygwin@xxxxxxxxx> wrote:
>>>> It would be safer if http://www.cygwin.com always redirected you to
>>>> https://www.cygwin.com, where the page and the link are SSL.
>>>> Is there any reason not to force this redirect and close this security hole?
>> I think the point is that if you redirect and a client can't
>> speak https, what happens? Wouldn't they get an error that would
>> prevent them from using the site?
> I guess so. Can you name any such client?
Dillo and likely others on:
and clients for RTEMS and other embedded platforms supported by newlib, musl,
and similar libraries, that are too limited to support TLS, HTTPS, etc.
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple