From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-215868-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 69989 invoked by alias); 10 Mar 2019 16:35:50 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 69980 invoked by uid 89); 10 Mar 2019 16:35:50 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=crowd, HX-Languages-Length:531, bend, worried
X-HELO: mail-vk1-f181.google.com
Received: from mail-vk1-f181.google.com (HELO mail-vk1-f181.google.com) (209.85.221.181) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 10 Mar 2019 16:35:48 +0000
Received: by mail-vk1-f181.google.com with SMTP id 17so522632vkf.4        for <cygwin@cygwin.com>; Sun, 10 Mar 2019 09:35:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;        bh=JPbT7M45b1cRjfmLALAy8DmaPvDNyPUyjoMhD/fRhhY=;        b=uORLvqIRbbcvUr7gV34wIR3ZmhX19ylyoCKir/TWEk4r59ft0OW9NLvIDT4FEAsF5E         hgMfYZnnt01lcv9/TOfMnglNoBF99RCxBj7TPs7KdUx9ZCxyOWOi0BQ44D+umBza8TQr         dLiBxA/LoXOrsTiGsH/0Favp+VYrDR3+l4lm3xKSnGqiiQafdGUlcs2Y4QgBDw7He5Cu         Y5hC3mwGaiG5TywKMr8TYrFi+7JGeX3wJw218k7xmoqBngLkuwB0M8GaDgv3zo3u7KAN         VSdki10cQH78XYmGoOnCYuQZK9gHO6PznBC6it1etNQlk6FdNU4Z1QbsFzDbhjRSxJVN         9Yjg==
MIME-Version: 1.0
References: <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ@mail.gmail.com> <924339539.20190310162957@yandex.ru>
In-Reply-To: <924339539.20190310162957@yandex.ru>
From: Archie Cobbs <archie.cobbs@gmail.com>
Date: Sun, 10 Mar 2019 16:35:00 -0000
Message-ID: <CANSoFxvFw0Q4B1BbP55x09Uz=XLG6fD1OG6-Kw0whzoVAU3iDw@mail.gmail.com>
Subject: Re: SSL not required for setup.exe download
To: cygwin@cygwin.com
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes
X-SW-Source: 2019-03/txt/msg00221.txt.bz2

Hi Andrey,

On Sun, Mar 10, 2019 at 8:35 AM Andrey Repin <anrdaemon@yandex.ru> wrote:
> > Is there any reason not to force this redirect and close this security hole?
>
> If you care that much, you would use https.
> If not, then I see no reason to bend to hysteric crowd.

You are correct: careful, diligent, knowledgeable people will know to use https.

Those are not the people I'm worried about however... I'm worried
about the other 95% of humanity :)

-Archie

-- 
Archie L. Cobbs

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple