Re: SSL not required for setup.exe download

[Brian Inglis <Brian dot Inglis at SystematicSw dot ab dot ca>]

On 2019-03-10 21:53, Archie Cobbs wrote:
> On Sun, Mar 10, 2019 at 6:20 PM L A Walsh <cygwin@tlinx.org> wrote:
>>>> It would be safer if http://www.cygwin.com always redirected you to
>>>> https://www.cygwin.com, where the page and the link are SSL.
>>>> Is there any reason not to force this redirect and close this security hole?
>>
>>     I think the point is that if you redirect and a client can't
>> speak https, what happens?  Wouldn't they get an error that would
>> prevent them from using the site?
> 
> I guess so. Can you name any such client?

Dillo and likely others on:

	https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers

and clients for RTEMS and other embedded platforms supported by newlib, musl,
and similar libraries, that are too limited to support TLS, HTTPS, etc.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple