|
| From: | Bruno Haible |
| Subject: | [savannah-help-public] [sr #109567] Download area link for some packages uses insecure http protocol |
| Date: | Sat, 6 Oct 2018 13:58:06 -0400 (EDT) |
| User-agent: | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
URL:
<https://savannah.gnu.org/support/?109567>
Summary: Download area link for some packages uses insecure
http protocol
Project: Savannah Administration
Submitted by: haible
Submitted on: Sat 06 Oct 2018 07:58:05 PM CEST
Category: Download area - general
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Assigned to: None
Originator Email: address@hidden
Operating System: GNU/Linux
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
The project e.g. https://savannah.nongnu.org/projects/acl/ has a link to a
"Download area": https://savannah.nongnu.org/files/?group=acl . This is a
https URL; good.
But when you enter it in a browser, it redirects to
http://download.savannah.nongnu.org/releases/acl/ - which is bad because it
encourages users to download via the insecure http protocol, which makes them
vulnerable to man-in-the-middle attaks. It would be better to redirect to
https://download.savannah.nongnu.org/releases/acl/ instead.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/support/?109567>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |