From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 103744 invoked by alias); 28 Mar 2019 18:13:24 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 103729 invoked by uid 89); 28 Mar 2019 18:13:24 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=corporate, faith, Love, H*f:sk:Q@mail. X-HELO: mail-wr1-f52.google.com Received: from mail-wr1-f52.google.com (HELO mail-wr1-f52.google.com) (209.85.221.52) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 28 Mar 2019 18:13:22 +0000 Received: by mail-wr1-f52.google.com with SMTP id h4so8472378wre.7 for ; Thu, 28 Mar 2019 11:13:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4G0ERj5uD/jZlc1uSFUq7xT+S1f+feAOBm0ni8+VGc8=; b=L/aCqFHZuo7rQkWE3B7gqGxOya1W+PiJOuMH9Hp8jCP5l7BZ0BZdIxJruDQhKmVDZ8 1YK8RUY924PC4mQC5ywLSL/tnhGIq7esOAIWfK0HbQPslyevxD7M3At/yRpZ9y5TcI7i vBa8Mfkw3oQlHwJo/b6a2w8ULFaVShkYXuHTQCvE3ZKPBcFWe8kbGut195xvom1SIyqa JKalgmZLihXN502XRBHW4RY1iIA45t1Wg8Je07dbZulgiMvG3qjLUYhAyC4vmdPvnTwg gOS890IQIW8LDvNdbY1o5FwQhgG+jQaP3Ru75Syw631SI6U+kvNWaNacGACUi3U1A+vu xb0g== MIME-Version: 1.0 References: <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a@Shaw.ca> <41f12842-ea43-ff63-a660-26ee3b497c63@SystematicSw.ab.ca> <1b570593-0ec7-0890-26ef-7e7468534f47@SystematicSw.ab.ca> In-Reply-To: From: Erik Soderquist Date: Thu, 28 Mar 2019 18:13:00 -0000 Message-ID: Subject: Re: SSL not required for setup.exe download To: cygwin Content-Type: text/plain; charset="UTF-8" X-SW-Source: 2019-03/txt/msg00633.txt.bz2 On Fri, Mar 15, 2019 at 8:25 AM Brian Inglis wrote: > ... corporate policies, proxies, firewalls, security products. > Systems or images older than a year may need the new root CA installed - some > enterprises are very selective about including support for anything in their > images - and users may not have root CA store access. I am one of these; a few sites I maintain are behind corporate firewalls that explicitly block access to sites that can't scan the communications on to prevent leaking of sensitive internal data. For these sites I have no choice but to use the http connections to be able to update, and I also download signatures and verify against public keys that the file is indeed the correct file rather than something injected by an MitM attack before executing. (Yes, this has saved my bacon a couple times). If http is disabled, these sites likely will never be updated again. -- Erik -- "I do not think any of us are truly sane, Caleb. Not even you. Courage is not sanity. Being willing to die for someone else is not sanity." ... "Love is not sane, nor is faith." ... "If sanity lacks those things, Caleb, I want no part of it." -- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple