From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: Re: SSL not required for setup.exe download
Date: Fri, 15 Mar 2019 12:25:00 -0000 [thread overview]
Message-ID: <ac07a8bc-f30a-a68c-5392-c077204f8afe@SystematicSw.ab.ca> (raw)
In-Reply-To: <CANSoFxsNHmOEXDvbQC2MevYjYxcfoGH2BK5UhmnuYA44OUg3-Q@mail.gmail.com>
On 2019-03-12 08:58, Archie Cobbs wrote:
> On Tue, Mar 12, 2019 at 9:32 AM Brian Inglis wrote:
>>> OTOH, if you download the file over HTTPS.. then your client supports
>>> SSL. Which is exactly what I'm saying should be mandatory.
>> Forcing TLS means blocking anyone who for any reason can not use TLS: this is a
>> performance and support burden compared to allowing both HTTP:80 and HTTPS:443.
> OK. Personally I have trouble believing any such person exists. That
> is, a person who has access to an HTTP client, but not an HTTPS
> client, for the one-time operation of downloading setup.exe. What are
> they using, a TRS-80?
I never said it was a person nor that they did not have access to a TLS client.
I said they could not use a TLS client, which could be because of platform
deficiencies, corporate policies, proxies, firewalls, security products.
Systems or images older than a year may need the new root CA installed - some
enterprises are very selective about including support for anything in their
images - and users may not have root CA store access.
I have systems which can support only original SSL not TLS - good luck using
HTTPS to or from them, without using equally old software or libraries!
> Anyway no worries, I'm giving up on this issue. Too much inertia around here.
Perhaps just a desire not to break users access based om a wider understanding
and experience of the variety across the complete ecosystem in which the
projects are used, not just folks using modern desktop GUIs with no system or
network access policies or restrictions.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2019-03-15 12:25 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-10 4:54 Archie Cobbs
2019-03-10 13:35 ` Andrey Repin
2019-03-10 16:35 ` Archie Cobbs
2019-03-10 14:16 ` Brian Inglis
2019-03-10 16:40 ` Archie Cobbs
2019-03-11 3:51 ` Brian Inglis
2019-03-11 5:16 ` Mark Geisert
2019-03-11 11:50 ` Brian Inglis
2019-03-11 13:13 ` SSL should not be " L A Walsh
2019-03-11 13:44 ` SSL not " Archie Cobbs
2019-03-11 19:42 ` Brian Inglis
2019-03-11 22:14 ` Archie Cobbs
2019-03-11 22:59 ` Lee
2019-03-12 13:47 ` Archie Cobbs
2019-03-12 14:31 ` Brian Inglis
2019-03-12 14:58 ` Archie Cobbs
2019-03-15 12:25 ` Brian Inglis [this message]
2019-03-28 18:13 ` Erik Soderquist
2019-03-12 19:21 ` Achim Gratz
2019-03-12 19:59 ` Lee
2019-03-12 0:20 ` Andrey Repin
2019-03-12 19:45 ` Lee
2019-03-12 20:35 ` Andrey Repin
2019-03-12 21:14 ` Lee
2019-03-12 21:35 ` Andrey Repin
2019-03-12 22:01 ` Lee
2019-03-12 20:42 ` Achim Gratz
2019-03-12 21:32 ` Lee
2019-03-12 21:35 ` Andrey Repin
2019-03-12 21:50 ` Lee
2019-03-13 20:50 ` Andrey Repin
2019-03-11 20:24 ` SSL should not be required for open source downloading L A Walsh
2019-03-10 14:16 ` SSL not required for setup.exe download Brian Inglis
2019-03-10 23:20 ` L A Walsh
2019-03-11 3:53 ` Archie Cobbs
2019-03-11 13:13 ` Brian Inglis
2019-03-11 13:22 ` L A Walsh
2019-03-11 13:39 ` L A Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac07a8bc-f30a-a68c-5392-c077204f8afe@SystematicSw.ab.ca \
--to=brian.inglis@systematicsw.ab.ca \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).