On Mon, Jul 27, 2015 at 12:32 AM, Ferenc Kovacs <tyr...@gmail.com> wrote: > Hi, > > I've just realized that even thought https://pear.php.net/ is available, we > are still downloading the install-pear-nozlib.phar via http:// in > pear/Makefile.frag and makedist > Do you happen to know any reason for keeping it that way or is this only for > historical reasons (maybe pear.php.net did not have proper cert or > configured to accept traffic on 443 originally when the download process was > created) and should be ok to make this more secure(as it would prevent MITM > attacks). > > What do you think?
I think nice catch *hat tip*. I'm pretty sure noone cared when this was written ~10 years ago -- we didn't even have any certificate issued, not even CAcert at that point. -Hannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
