Web lists-archives.com

Re: SSL not required for setup.exe download

On 3/12/19, Andrey Repin wrote:
> Greetings, Lee!
>>> It gives you false sense of security. What is worse, everybody is
>>> attempting
>>> to reassure this false sense on every possible occasion.
>> I don't think it's a false sense of security.  https:// isn't "safe"
>> but it is _safer_ than http://
> Yep. Now, let's recall mcafee, norton, kaspersky, avast… and all those
> other
> "antiviruses" that proxy all TLS traffic through their own root certificate
> proxy.

But you did that to yourself.  Hopefully you evaluated the risk/reward
in letting your a/v intercept everything.  Or are at least aware that
your a/v is intercepting everything.

Altho I have a feeling most home users aren't aware of
I haven't been paying attention - hopefully the situation has improved.


Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple