> On 10 Feb 2016, at 09:08, Charles Srstka <cocoa...@charlessoft.com> wrote:
>
> If your app is accessing your appcast via HTTP, that could be intercepted
> just the same as your relnotes, and then the attacker could set the relnotes
> URL to whatever s/he wants.

Can I just double-check my understanding here:

1. If the SUFeedURL uses https, the app is not vulnerable.
2. If 1 is true, neither of these matter:
   2.1 the version of Sparkle
   2.2 whether the release notes are http or https

TIA
Phil
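
An added example, not part of the original thread: a small audit that reports the transport of the Sparkle URLs discussed above, namely the `SUFeedURL` in an app's Info.plist and the release-notes and download links in its appcast. The plist, the appcast and the example.com host are constructed samples, and the function names are hypothetical.

```python
import plistlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# XML namespace used by Sparkle's appcast extensions.
SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

# Constructed sample inputs (example.com is a placeholder host).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>SUFeedURL</key><string>http://example.com/appcast.xml</string>
</dict></plist>"""

SAMPLE_APPCAST = b"""<?xml version="1.0"?>
<rss version="2.0" xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
 <channel><item>
  <sparkle:releaseNotesLink>http://example.com/notes.html</sparkle:releaseNotesLink>
  <enclosure url="https://example.com/Demo-1.1.zip" sparkle:version="1.1"/>
 </item></channel>
</rss>"""

def is_https(url):
    return urlparse(url.strip()).scheme.lower() == "https"

def audit_feed_url(plist_bytes):
    """Return (SUFeedURL, is_https); (None, False) if the key is absent."""
    url = plistlib.loads(plist_bytes).get("SUFeedURL")
    return (url, bool(url) and is_https(url))

def audit_appcast(appcast_bytes):
    """Return [(kind, url)] for every appcast URL not fetched over HTTPS."""
    findings = []
    root = ET.fromstring(appcast_bytes)
    for item in root.iter("item"):
        for link in item.findall(f"{{{SPARKLE_NS}}}releaseNotesLink"):
            if link.text and not is_https(link.text):
                findings.append(("releaseNotesLink", link.text.strip()))
        for enc in item.findall("enclosure"):
            url = enc.get("url", "")
            if not is_https(url):
                findings.append(("enclosure", url))
    return findings

if __name__ == "__main__":
    print(audit_feed_url(SAMPLE_PLIST))
    print(audit_appcast(SAMPLE_APPCAST))
```
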