This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: SSL not required for setup.exe download
On 3/12/19, Andrey Repin wrote:
> Greetings, Lee!
>
>>> It gives you false sense of security. What is worse, everybody is
>>> attempting
>>> to reassure this false sense on every possible occasion.
>
>> I don't think it's a false sense of security. https:// isn't "safe"
>> but it is _safer_ than http://
>
> Yep. Now, let's recall mcafee, norton, kaspersky, avast… and all those
> other
> "antiviruses" that proxy all TLS traffic through their own root certificate
> proxy.
But you did that to yourself. Hopefully you evaluated the risk/reward
in letting your a/v intercept everything. Or are at least aware that
your a/v is intercepting everything.
Altho I have a feeling most home users aren't aware of
https://www.us-cert.gov/ncas/alerts/TA17-075A
I haven't been paying attention - hopefully the situation has improved.
Regards,
Lee
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple