URL:
<https://savannah.gnu.org/support/?109567>
Summary: Download area link for some packages uses insecure
http protocol
Project: Savannah Administration
Submitted by: haible
Submitted on: Sat 06 Oct 2018 07:58:05 PM CEST
Category: Download area - general
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Assigned to: None
Originator Email: br...@clisp.org
Operating System: GNU/Linux
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
The project e.g. https://savannah.nongnu.org/projects/acl/ has a link to a
"Download area": https://savannah.nongnu.org/files/?group=acl . This is a
https URL; good.
But when you enter it in a browser, it redirects to
http://download.savannah.nongnu.org/releases/acl/ - which is bad because it
encourages users to download via the insecure http protocol, which makes them
vulnerable to man-in-the-middle attaks. It would be better to redirect to
https://download.savannah.nongnu.org/releases/acl/ instead.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/support/?109567>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
