SSL not required for setup.exe download

Tue Mar 12 21:32:00 GMT 2019

On 3/12/19, Achim Gratz wrote:
> Lee writes:
>> I don't think it's a false sense of security.  https:// isn't "safe"
>> but it is _safer_ than http://
> Unless you are in an environment where an extra root cert is injected
> just to be able to break up the encrypted connection.  Which is a lot
> more common than people think and is not quite as easy to check for as
> some folks make it out.

Right - checking the web-site cert on every site gets old fast.  Which
is why I liked the firefox cert patrol addon reminding me $WORK had
their "data loss protection" screening in action.

But even with the security office being able to snoop or modify every
one of my https:// connections, it's just the security office people,
so it still seems safer using tls than clear-text connections.


Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list