On 3/11/19, Andrey Repin wrote:
> Greetings, Archie Cobbs!
>
>> I must say I'm surprised so many people think it's a good idea to
>> leave cygwin open to trivial MITM attacks, which is the current state
>> of affairs.
>
>> This is my opinion only of course, but if cygwin wants to have any
>> security credibility, it should simply disallow non-SSL downloads of
>> setup.exe. Otherwise the chain of authenticity is broken forever.
>
> All the SSL stuff is built on the idea of implicit unlimited trust.

I agree, the whole certificate authority bit seems to .. over-promise.
On the other hand, it does also seem to "raise the bar" making it
much more difficult to snoop or alter data in transit.

> Which is way worse in my opinion, than any theoretical MITM attack, which
> is easily mitigated with proper validation of your downloads.

Serious question - exactly how does one do "proper validation of your
downloads"? For example, I don't have the current version of 7-zip.
https://www.7-zip.org/ has a download link, but I don't see anything
for a .sig, checksum or anything.
https://sourceforge.net/projects/sevenzip/files/7-Zip/19.00/ isn't any better.
It seems to me that the best I can do is make sure I do the download
via an https:// link

> It gives you false sense of security. What is worse, everybody is
> attempting to reassure this false sense on every possible occasion.

I don't think it's a false sense of security. https:// isn't "safe"
but it is _safer_ than http://

Regards,
Lee

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
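
The "validation of your downloads" question raised in this message, as an added example that is not part of the original post: a SHA-256 check detects a file altered in transit only when the expected digest arrives over a channel the file's path cannot rewrite. The sample bytes, the names and the out-of-band PINNED digest are constructed assumptions.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size, so large installers need not fit in memory


def sha256_stream(fileobj):
    """Return the hex SHA-256 of a binary file-like object, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: fileobj.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def verify_download(fileobj, expected_hex):
    """True only if the stream hashes to expected_hex (a 64-char hex digest)."""
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected digest is not a SHA-256 hex string")
    return hmac.compare_digest(sha256_stream(fileobj), expected)


# Constructed sample data standing in for a published installer.
GENUINE = b"MZ constructed installer bytes"
TAMPERED = b"MZ constructed installer bytes + bytes altered in transit"

# Assumption: this digest reached the user over a separate authenticated
# channel (for example a signed release announcement), not with the file.
PINNED = hashlib.sha256(GENUINE).hexdigest()


def simulate(same_channel):
    """Check a file that was altered in transit.

    same_channel=True: the checksum was served next to the file over the same
    unauthenticated link, so it was rewritten together with the file.
    same_channel=False: the checksum is the PINNED value from elsewhere.
    Returns what verify_download reports for the altered file.
    """
    delivered_digest = hashlib.sha256(TAMPERED).hexdigest()
    expected = delivered_digest if same_channel else PINNED
    return verify_download(io.BytesIO(TAMPERED), expected)


if __name__ == "__main__":
    print("genuine file, pinned digest:   ", verify_download(io.BytesIO(GENUINE), PINNED))
    print("altered file, same-channel sum:", simulate(same_channel=True))
    print("altered file, pinned digest:   ", simulate(same_channel=False))
```
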