This is the mail archive of the
mailing list for the Cygwin project.
Re: SSL not required for setup.exe download
On 3/12/19, Achim Gratz wrote:
> Lee writes:
>> I don't think it's a false sense of security. https:// isn't "safe"
>> but it is _safer_ than http://
> Unless you are in an environment where an extra root cert is injected
> just to be able to break up the encrypted connection. Which is a lot
> more common than people think and is not quite as easy to check for as
> some folks make it out.
Right - checking the web-site cert on every site gets old fast. Which
is why I liked the firefox cert patrol addon reminding me $WORK had
their "data loss protection" screening in action.
But even with the security office being able to snoop or modify every
one of my https:// connections, it's just the security office people,
so it still seems safer using tls than clear-text connections.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple