Cygwin website uses http: (not https:) for .exe downloads, allowing man-in-the-middle attack
Yaakov Selkowitz
yselkowitz@cygwin.com
Fri Feb 27 09:17:00 GMT 2015
On Thu, 2015-02-26 at 17:31 -0500, David A. Wheeler wrote:
> The Cygwin front web page ( https://www.cygwin.com/ ) says:
> "Install it by running setup-x86.exe (32-bit installation) or
> setup-x86_64.exe (64-bit installation)."
>
> However, both of the links to those .exe executables explicitly
> use "http://", and not "https://", even when you go to the https
> version of the Cygwin website.
The links are now relative, so this should no longer be an issue.
Thanks for reporting,
Yaakov
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list