#270 Plaintext downloads expose users of sourceforge to unnecessary risk

implemented
nobody
File-Release-System
2017-01-30
2014-06-11
No

Please switch all of your mirrors to use HTTPS. Many binary distributions are hosted on Sourceforge, especially Windows binaries, most of which do not have any in-band authentication. HTTPS is the absolute minimum level of assurance you could provide for file downloads.

As it stands, your download pages actively redirect from HTTPS to HTTP, so even if I carefully type a secure URL I am forced to trust any criminal who has decided to poison my DNS cache with administrator access to all of my Windows machines.
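A client-side guard against the HTTPS-to-HTTP redirect described in this ticket, as an added example that is not part of the original ticket or SourceForge's code. It uses Python's standard `urllib`; the class and function names and the `example.org` URLs are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class NoDowngradeRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse any redirect that leaves HTTPS for a non-HTTPS URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        old_scheme = urlsplit(req.full_url).scheme.lower()
        new_scheme = urlsplit(newurl).scheme.lower()
        if old_scheme == "https" and new_scheme != "https":
            # Fail closed: the download must not continue over plaintext.
            raise urllib.error.HTTPError(
                req.full_url, code,
                f"refusing redirect from https to {new_scheme or 'unknown'}: {newurl}",
                headers, fp)
        # Same-scheme hops and http -> https upgrades use the stock logic.
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_strict_opener():
    """Opener whose .open(url) aborts on an HTTPS -> HTTP redirect."""
    return urllib.request.build_opener(NoDowngradeRedirectHandler)


def check_hop(from_url, to_url, code=302):
    """Evaluate one redirect hop offline; returns 'allowed' or 'blocked'."""
    handler = NoDowngradeRedirectHandler()
    req = urllib.request.Request(from_url)
    try:
        handler.redirect_request(req, None, code, "Found", {}, to_url)
    except urllib.error.HTTPError:
        return "blocked"
    return "allowed"


if __name__ == "__main__":
    # Constructed redirect hops (not real SourceForge URLs).
    hops = [
        ("https://downloads.example.org/app/setup.exe",
         "http://mirror1.example.org/app/setup.exe"),
        ("https://downloads.example.org/app/setup.exe",
         "https://mirror2.example.org/app/setup.exe"),
    ]
    for src, dst in hops:
        print(f"{check_hop(src, dst):8} {src} -> {dst}")
```

Calling `build_strict_opener().open(url)` applies the same rule to a live download, raising `HTTPError` instead of following the downgrade.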

Discussion

    Dave Brondsema - 2017-01-30
    • status: open --> implemented
     
