From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 19289 invoked by alias); 11 Mar 2019 13:13:12 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 18875 invoked by uid 89); 11 Mar 2019 13:13:11 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.1 spammy=paying, encrypted, breeding, backing X-HELO: Ishtar.sc.tlinx.org Received: from ishtar.tlinx.org (HELO Ishtar.sc.tlinx.org) (173.164.175.65) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 11 Mar 2019 13:13:10 +0000 Received: from [192.168.3.12] (Athenae [192.168.3.12]) by Ishtar.sc.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id x2BDD6MS046903 for ; Mon, 11 Mar 2019 06:13:09 -0700 Message-ID: <5C865EE2.7040206@tlinx.org> Date: Mon, 11 Mar 2019 13:13:00 -0000 From: L A Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: SSL should not be required for setup.exe download References: <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a@Shaw.ca> <41f12842-ea43-ff63-a660-26ee3b497c63@SystematicSw.ab.ca> <3132c0de-2689-a270-b996-d309017ca815@maxrnd.com> In-Reply-To: <3132c0de-2689-a270-b996-d309017ca815@maxrnd.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00246.txt.bz2 On 3/10/2019 10:16 PM, Mark Geisert wrote: > FWIW, I can reproduce the OP's STC using Chrome, Firefox, and Pale Moon. Not > sure why it happens for some folks but not others. But since it does exist for > some users, should it be dealt with? > --- Probably: https should be disabled on the site, then no one who has used hsts will be able to access the site. If https goes down for some reason, anyone running hsts won't be able to access the site unless they figure out to how to reset their browser. Only people who are using https would have hsts enabled. If someone only uses http, or is a browser that doesn't accept it or disables it (for a few years I used a browser setting to disable it) because I like knowing when google is being notified. Unfortunately, now, they are getting my email cuz I had to find a new provider on relative short notice. I didn't realize that they delete your incoming list email if they thing you got it directly -- which messes up reading messages in context on a list. They also delete incoming list email that you *sent* from a google account because, they will tell you, that you can go find the message in your 'Sent' email (unless you deleted it, in which case its your own fault). As it is, I'm finding emails going missing because they though it came through to me, but for whatever reason may have been filed in another, unrelated email box that was also Cc'd. Google is irresponsible and has a history of creating changes then backing them out or getting people on products/forums then killing those products/tools. If you ever noticed...nearly everything from them is in "Beta". A few years ago, google added 'fonts for the web' -- another enticement for web-owners to tell your browser to contact google. Of course if the text is encrypted because of HSTS, you won't see it before it has connected. Normally I haven't been worried about most of goog's changes but when they started deleting email that they think I should have another copy of -- that was unacceptable. They misrepresented their email service (that I'm paying for) as able to pass through unfiltered email. Such is not the case. Not only that, but they add about 5-6K to every message that comes through. I used to have mail <1K: not anymore. As cygwin stands now, only those who choose https, will get it. Yet still people are complaining because everyone isn't forced to do the same. That is the attitude google and other social echo-chambers are breeding and cultivating. I find it anything but innocuous. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple