| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:references:in-reply-to:from:date | |
| :message-id:subject:to:content-type; q=dns; s=default; b=uRHvA0C | |
| WVm19BI2b0uoR1UVmlGR7xyspcrUY249No+RXFvWhL7IB/EDR+FA25YGHK5lFqji | |
| vX6UB1IW7G4eiFzIdhf5s3Xp2g+k5WYQsUVeQTkRVah4k4rL390WwFfMhFHG0xJT | |
| t1GXUYxQqDqyIVVc/niIKU/XH0O23QnboQ8c= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:references:in-reply-to:from:date | |
| :message-id:subject:to:content-type; s=default; bh=YWiaFP7g2sIAW | |
| ZzS4zX/ZN7Usk8=; b=rs7jL8cVq8evL1+MV8sVSi5SN7KLSPVlu2TYQFLxGEPes | |
| laAAbfbs3RxHjW1zxzfrEEDr1t3vdbkkUhUmPfHfo2/5fBPc7RLfhU+IX0FaxA7u | |
| xp6wJO/IdVjTh2u+CaYcm2eF3B6H3wMe/6Gdlt1QI5Y05PcR74cZKPRYd0/1Ys= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | No, score=-0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=corporate, faith, Love, H*f:sk:Q AT mail. |
| X-HELO: | mail-wr1-f52.google.com |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4G0ERj5uD/jZlc1uSFUq7xT+S1f+feAOBm0ni8+VGc8=; b=L/aCqFHZuo7rQkWE3B7gqGxOya1W+PiJOuMH9Hp8jCP5l7BZ0BZdIxJruDQhKmVDZ8 1YK8RUY924PC4mQC5ywLSL/tnhGIq7esOAIWfK0HbQPslyevxD7M3At/yRpZ9y5TcI7i vBa8Mfkw3oQlHwJo/b6a2w8ULFaVShkYXuHTQCvE3ZKPBcFWe8kbGut195xvom1SIyqa JKalgmZLihXN502XRBHW4RY1iIA45t1Wg8Je07dbZulgiMvG3qjLUYhAyC4vmdPvnTwg gOS890IQIW8LDvNdbY1o5FwQhgG+jQaP3Ru75Syw631SI6U+kvNWaNacGACUi3U1A+vu xb0g== |
| MIME-Version: | 1.0 |
| References: | <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ AT mail DOT gmail DOT com> <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a AT Shaw DOT ca> <CANSoFxtA0vnF1adx4rwyjuMasrVAOGb8hT_Uct-wSdcazj252w AT mail DOT gmail DOT com> <41f12842-ea43-ff63-a660-26ee3b497c63 AT SystematicSw DOT ab DOT ca> <CANSoFxtLzGgcOhrsu4h0eXXnpezB6v17cGwOrqy6SjSvJ__gLA AT mail DOT gmail DOT com> <1b570593-0ec7-0890-26ef-7e7468534f47 AT SystematicSw DOT ab DOT ca> <CANSoFxsq+5OfRH7RF3QdpMSJU-4JAKSCZM-rUUysP5Y3myR0+Q AT mail DOT gmail DOT com> <CAD8GWsu+P_d8RCiibkZ068oRAf8yeu=W5CLFO+ZNXGxjUcBOpw AT mail DOT gmail DOT com> <CANSoFxu7sNUqP3zSKHiFULBrvOkhPFRuc8MyAHojAGFNu-O_xQ AT mail DOT gmail DOT com> <ecebba35-b0d0-b996-8a78-47e0e8d33572 AT SystematicSw DOT ab DOT ca> <CANSoFxsNHmOEXDvbQC2MevYjYxcfoGH2BK5UhmnuYA44OUg3-Q AT mail DOT gmail DOT com> <ac07a8bc-f30a-a68c-5392-c077204f8afe AT SystematicSw DOT ab DOT ca> |
| In-Reply-To: | <ac07a8bc-f30a-a68c-5392-c077204f8afe@SystematicSw.ab.ca> |
| From: | Erik Soderquist <erik DOT soderquist AT gmail DOT com> |
| Date: | Thu, 28 Mar 2019 14:13:07 -0400 |
| Message-ID: | <CACoZoo0e=zfSECFHNUk2_RT2dV8fYTeMwJwQ+=mZw5UT0fo0Vg@mail.gmail.com> |
| Subject: | Re: SSL not required for setup.exe download |
| To: | cygwin <cygwin AT cygwin DOT com> |
On Fri, Mar 15, 2019 at 8:25 AM Brian Inglis wrote: > ... corporate policies, proxies, firewalls, security products. > Systems or images older than a year may need the new root CA installed - some > enterprises are very selective about including support for anything in their > images - and users may not have root CA store access. I am one of these; a few sites I maintain are behind corporate firewalls that explicitly block access to sites that can't scan the communications on to prevent leaking of sensitive internal data. For these sites I have no choice but to use the http connections to be able to update, and I also download signatures and verify against public keys that the file is indeed the correct file rather than something injected by an MitM attack before executing. (Yes, this has saved my bacon a couple times). If http is disabled, these sites likely will never be updated again. -- Erik -- "I do not think any of us are truly sane, Caleb. Not even you. Courage is not sanity. Being willing to die for someone else is not sanity." ... "Love is not sane, nor is faith." ... "If sanity lacks those things, Caleb, I want no part of it." -- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |