SSL not required for setup.exe download
Archie Cobbs
archie.cobbs@gmail.com
Mon Mar 11 03:53:00 GMT 2019
On Sun, Mar 10, 2019 at 6:20 PM L A Walsh <cygwin@tlinx.org> wrote:
> >> It would be safer if http://www.cygwin.com always redirected you to
> >> https://www.cygwin.com, where the page and the link are SSL.
> >> Is there any reason not to force this redirect and close this security hole?
>
> I think the point is that if you redirect and a client can't
> speak https, what happens? Wouldn't they get an error that would
> prevent them from using the site?
I guess so. Can you name any such client?
-AC
--
Archie L. Cobbs
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list