From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-215884-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 98977 invoked by alias); 11 Mar 2019 03:53:42 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 98953 invoked by uid 89); 11 Mar 2019 03:53:41 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=site
X-HELO: mail-ua1-f43.google.com
Received: from mail-ua1-f43.google.com (HELO mail-ua1-f43.google.com) (209.85.222.43) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 11 Mar 2019 03:53:40 +0000
Received: by mail-ua1-f43.google.com with SMTP id a42so1061158uad.1        for <cygwin@cygwin.com>; Sun, 10 Mar 2019 20:53:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;        bh=8maJW+YewqxrppKMeGHL1pInrSj9hNGngEOs9/Dlo24=;        b=U3uaLHgqp5d9KH9ZQrMp3YOoaIBAdD+AdHXspP9DVBRD0ZUxWd89HHw9TRqLQrSzKU         JQEQUMn0bZzLyj7+C+GxbQt1lwfcKxgDv6X9EgoFy2edm75M8QcIl1Xm3Dw3ZPfXBzUn         YlKE/uWUSytCDIVkSVak7r8wWYK1ot8/MM4nmPPWjWPHQaaYykxTvnrLvZI+2jTF5v6b         J6qG1RC4HuIkPC4vQW6qPuTBMmsrL5PmYxhcavgLFZPWkLl36IiCAx9MNhkBfilxxHOU         wYkMO1L6yeWYdHW4dZPSOkjOvmk7A8qz02iYS547E1yRAYCoBbFataZ3l3PfTcBXgC7/         8WMw==
MIME-Version: 1.0
References: <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ@mail.gmail.com> <fcfccbe3-a4e3-2f75-a2f4-23d12abc5a70@SystematicSw.ab.ca> <5C859BB7.4040900@tlinx.org>
In-Reply-To: <5C859BB7.4040900@tlinx.org>
From: Archie Cobbs <archie.cobbs@gmail.com>
Date: Mon, 11 Mar 2019 03:53:00 -0000
Message-ID: <CANSoFxtRQrwe4TAWweswXC94d5hzyt--M6BaR4Dcg1yBVqh1GQ@mail.gmail.com>
Subject: Re: SSL not required for setup.exe download
To: cygwin@cygwin.com
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes
X-SW-Source: 2019-03/txt/msg00237.txt.bz2

On Sun, Mar 10, 2019 at 6:20 PM L A Walsh <cygwin@tlinx.org> wrote:
> >> It would be safer if http://www.cygwin.com always redirected you to
> >> https://www.cygwin.com, where the page and the link are SSL.
> >> Is there any reason not to force this redirect and close this security hole?
>
>     I think the point is that if you redirect and a client can't
> speak https, what happens?  Wouldn't they get an error that would
> prevent them from using the site?

I guess so. Can you name any such client?

-AC

-- 
Archie L. Cobbs

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple