| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:subject:reply-to:to:references:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=WJuLzzRQQzYkwG+p | |
| FeEF42y6ZbAiQ+AtIfJOJahxs1nBscVFPp9h6LEnhzA3LVNoL1x4+zZYieFUYbyH | |
| +tt+xvl8Cqm5j/EJyoOICHIMr3BbJgjYjIrhc72zqjNX+jicCMX1VEc2Rq4SeWrd | |
| efY6WGMPd6LW2y7FB3PfMm2Lk74= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:subject:reply-to:to:references:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=EJeiQX3TbkVR7GcME/Siay | |
| 2lkMY=; b=XMF9ifZH5i4vxendGFWOH4i4dJESVsXo8m5ibgo3CH3uznvTPJQBZe | |
| ZqhTDd2ghQo0KuT9POKmESi06e/QMpcO52Bg52teLZ6y8Rfu4ws7B8qy2OwbFFf5 | |
| 05PemubFsBt72qEY+thrskoAd7LP2IBKzqdRIcHf420JMt4t7b/yk= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | No, score=-2.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=equally, brian, Brian, downloading |
| X-HELO: | smtp-out-so.shaw.ca |
| From: | Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca> |
| Subject: | Re: SSL not required for setup.exe download |
| Reply-To: | Brian DOT Inglis AT SystematicSw DOT ab DOT ca |
| To: | "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com> |
| References: | <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ AT mail DOT gmail DOT com> <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a AT Shaw DOT ca> <CANSoFxtA0vnF1adx4rwyjuMasrVAOGb8hT_Uct-wSdcazj252w AT mail DOT gmail DOT com> <41f12842-ea43-ff63-a660-26ee3b497c63 AT SystematicSw DOT ab DOT ca> <CANSoFxtLzGgcOhrsu4h0eXXnpezB6v17cGwOrqy6SjSvJ__gLA AT mail DOT gmail DOT com> <1b570593-0ec7-0890-26ef-7e7468534f47 AT SystematicSw DOT ab DOT ca> <CANSoFxsq+5OfRH7RF3QdpMSJU-4JAKSCZM-rUUysP5Y3myR0+Q AT mail DOT gmail DOT com> <CAD8GWsu+P_d8RCiibkZ068oRAf8yeu=W5CLFO+ZNXGxjUcBOpw AT mail DOT gmail DOT com> <CANSoFxu7sNUqP3zSKHiFULBrvOkhPFRuc8MyAHojAGFNu-O_xQ AT mail DOT gmail DOT com> <ecebba35-b0d0-b996-8a78-47e0e8d33572 AT SystematicSw DOT ab DOT ca> <CANSoFxsNHmOEXDvbQC2MevYjYxcfoGH2BK5UhmnuYA44OUg3-Q AT mail DOT gmail DOT com> |
| Openpgp: | preference=signencrypt |
| Message-ID: | <ac07a8bc-f30a-a68c-5392-c077204f8afe@SystematicSw.ab.ca> |
| Date: | Fri, 15 Mar 2019 06:25:24 -0600 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <CANSoFxsNHmOEXDvbQC2MevYjYxcfoGH2BK5UhmnuYA44OUg3-Q@mail.gmail.com> |
| X-IsSubscribed: | yes |
On 2019-03-12 08:58, Archie Cobbs wrote: > On Tue, Mar 12, 2019 at 9:32 AM Brian Inglis wrote: >>> OTOH, if you download the file over HTTPS.. then your client supports >>> SSL. Which is exactly what I'm saying should be mandatory. >> Forcing TLS means blocking anyone who for any reason can not use TLS: this is a >> performance and support burden compared to allowing both HTTP:80 and HTTPS:443. > OK. Personally I have trouble believing any such person exists. That > is, a person who has access to an HTTP client, but not an HTTPS > client, for the one-time operation of downloading setup.exe. What are > they using, a TRS-80? I never said it was a person nor that they did not have access to a TLS client. I said they could not use a TLS client, which could be because of platform deficiencies, corporate policies, proxies, firewalls, security products. Systems or images older than a year may need the new root CA installed - some enterprises are very selective about including support for anything in their images - and users may not have root CA store access. I have systems which can support only original SSL not TLS - good luck using HTTPS to or from them, without using equally old software or libraries! > Anyway no worries, I'm giving up on this issue. Too much inertia around here. Perhaps just a desire not to break users access based om a wider understanding and experience of the variety across the complete ecosystem in which the projects are used, not just folks using modern desktop GUIs with no system or network access policies or restrictions. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |