SSL not required for setup.exe download

Erik Soderquist
Thu Mar 28 18:13:00 GMT 2019

On Fri, Mar 15, 2019 at 8:25 AM Brian Inglis wrote:
> ... corporate policies, proxies, firewalls, security products.
> Systems or images older than a year may need the new root CA installed - some
> enterprises are very selective about including support for anything in their
> images - and users may not have root CA store access.

I am one of these; a few sites I maintain are behind corporate
firewalls that explicitly block access to sites that can't scan the
communications on to prevent leaking of sensitive internal data.  For
these sites I have no choice but to use the http connections to be
able to update, and I also download signatures and verify against
public keys that the file is indeed the correct file rather than
something injected by an MitM attack before executing.  (Yes, this has
saved my bacon a couple times).

If http is disabled, these sites likely will never be updated again.

-- Erik

"I do not think any of us are truly sane, Caleb. Not even you. Courage
is not sanity. Being willing to die for someone else is not sanity."
... "Love is not sane, nor is faith." ... "If sanity lacks those
things, Caleb, I want no part of it."

-- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne

Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list