SSL should not be required for setup.exe download

L A Walsh cygwin@tlinx.org
Mon Mar 11 13:13:00 GMT 2019


On 3/10/2019 10:16 PM, Mark Geisert wrote:
> FWIW, I can reproduce the OP's STC using Chrome, Firefox, and Pale Moon.  Not 
> sure why it happens for some folks but not others.  But since it does exist for 
> some users, should it be dealt with?
>   
---
    Probably: https should be disabled on the site, then no one who has
used hsts will be able to access the site.  If https goes down for
some reason, anyone running hsts won't be able to access the site unless
they figure out to how to reset their browser.

    Only people who are using https would have hsts enabled.  If someone
only uses http, or is a browser that doesn't accept it or disables
it (for a few years I used a browser setting to disable it) because
I like knowing when google is being notified.  Unfortunately, now,
they are getting my email cuz I had to find a new provider on relative
short notice.  I didn't realize that they delete your incoming list
email if they thing you got it directly --  which messes up reading
messages in context on a list.

    They also delete incoming list email that you *sent* from
a google account because, they will tell you, that you can go find
the message in your 'Sent' email (unless you deleted it, in which
case its your own fault).  As it is, I'm finding emails going
missing because they though it came through to me, but for whatever
reason may have been filed in another, unrelated email box that
was also Cc'd.

    Google is irresponsible and has a history of creating changes then
backing them out or getting people on products/forums then killing
those products/tools.  If you ever noticed...nearly everything from
them is in "Beta".  A few years ago, google added 'fonts for the web' --
another enticement for web-owners to tell your browser to contact google.
Of course if the text is encrypted because of HSTS, you won't see it
before it has connected. 

Normally I haven't been worried about most of goog's changes but
when they started deleting email that they think I should have another
copy of -- that was unacceptable.  They misrepresented their email
service (that I'm paying for) as able to pass through unfiltered
email.  Such is not the case.  Not only that, but they add about 5-6K
to every message that comes through.  I used to have mail <1K: not
anymore.

As cygwin stands now, only those who choose https, will get it.  Yet
still people are complaining because everyone isn't forced to do the
same.  That is the attitude google and other social echo-chambers
are breeding and cultivating.

I find it anything but innocuous.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list