Please switch all of your mirrors to use HTTPS. Many binary distributions are hosted on Sourceforge, especially Windows binaries, most of which do not have any in-band authentication. HTTPS is the absolute minimum level of assurance you could provide for file downloads.
As it stands, your download pages actively redirect from HTTPS to HTTP, so even if I carefully type a secure URL I am forced to trust any criminal who has decided to poison my DNS cache with administrator access to all of my Windows machines.
Log in to post a comment.