On Fri, Mar 15, 2019 at 8:25 AM Brian Inglis wrote: > ... corporate policies, proxies, firewalls, security products. > Systems or images older than a year may need the new root CA installed - some > enterprises are very selective about including support for anything in their > images - and users may not have root CA store access.
I am one of these; a few sites I maintain are behind corporate firewalls that explicitly block access to sites that can't scan the communications on to prevent leaking of sensitive internal data. For these sites I have no choice but to use the http connections to be able to update, and I also download signatures and verify against public keys that the file is indeed the correct file rather than something injected by an MitM attack before executing. (Yes, this has saved my bacon a couple times). If http is disabled, these sites likely will never be updated again. -- Erik -- "I do not think any of us are truly sane, Caleb. Not even you. Courage is not sanity. Being willing to die for someone else is not sanity." ... "Love is not sane, nor is faith." ... "If sanity lacks those things, Caleb, I want no part of it." -- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
