This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin website uses http: (not https:) for .exe downloads, allowing man-in-the-middle attack


On Thu, 2015-02-26 at 17:31 -0500, David A. Wheeler wrote:
> The Cygwin front web page ( https://www.cygwin.com/ ) says:
> "Install it by running setup-x86.exe (32-bit installation) or
>  setup-x86_64.exe (64-bit installation)."
> 
> However, both of the links to those .exe executables explicitly
> use "http://";, and not "https://";, even when you go to the https
> version of the Cygwin website.

The links are now relative, so this should no longer be an issue.

Thanks for reporting,

Yaakov



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]