[Bug 96827] website www.spice-space.org: downloads are not secured at all
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Wed Jul 6 09:44:04 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=96827
Christophe Fergeau <teuf at gnome.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |teuf at gnome.org
--- Comment #1 from Christophe Fergeau <teuf at gnome.org> ---
(In reply to Christian Stadelmann from comment #0)
> Currently, the website http://www.spice-space.org/ is not encrypted nor does
> it provide any signatures for downloads. This is an easy target for
> man-in-the-middle-attacks.
>
> Please
> 1. make this site available through HTTPS (and only HTTPS)
Yes, having https access has been on the TODO for a while
> 2. provide gpg signatures for downloads
Some downloads do have GPG signatures, see the .sig/.sign files on
http://www.spice-space.org/download/releases/ , I agree this should be done for
all new releases, which is far from being the case currently
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/spice-bugs/attachments/20160706/23652a11/attachment.html>
More information about the spice-bugs
mailing list