This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: SSL not required for setup.exe download
On 2019-03-10 21:53, Archie Cobbs wrote:
> On Sun, Mar 10, 2019 at 6:20 PM L A Walsh <cygwin@tlinx.org> wrote:
>>>> It would be safer if http://www.cygwin.com always redirected you to
>>>> https://www.cygwin.com, where the page and the link are SSL.
>>>> Is there any reason not to force this redirect and close this security hole?
>>
>> I think the point is that if you redirect and a client can't
>> speak https, what happens? Wouldn't they get an error that would
>> prevent them from using the site?
>
> I guess so. Can you name any such client?
Dillo and likely others on:
https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers
and clients for RTEMS and other embedded platforms supported by newlib, musl,
and similar libraries, that are too limited to support TLS, HTTPS, etc.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple