<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><span class="vcard"><a class="email" href="mailto:teuf@gnome.org" title="Christophe Fergeau <teuf@gnome.org>"> <span class="fn">Christophe Fergeau</span></a>
</span> changed
          <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - website www.spice-space.org: downloads are not secured at all"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=96827">bug 96827</a>
          <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">CC</td>
           <td>
                
           </td>
           <td>teuf@gnome.org
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - website www.spice-space.org: downloads are not secured at all"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=96827#c1">Comment # 1</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - website www.spice-space.org: downloads are not secured at all"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=96827">bug 96827</a>
              from <span class="vcard"><a class="email" href="mailto:teuf@gnome.org" title="Christophe Fergeau <teuf@gnome.org>"> <span class="fn">Christophe Fergeau</span></a>
</span></b>
        <pre>(In reply to Christian Stadelmann from <a href="show_bug.cgi?id=96827#c0">comment #0</a>)
<span class="quote">> Currently, the website <a href="http://www.spice-space.org/">http://www.spice-space.org/</a> is not encrypted nor does
> it provide any signatures for downloads. This is an easy target for
> man-in-the-middle-attacks.
> 
> Please
> 1. make this site available through HTTPS (and only HTTPS)</span >

Yes, having https access has been on the TODO for a while

<span class="quote">> 2. provide gpg signatures for downloads</span >

Some downloads do have GPG signatures, see the .sig/.sign files on
<a href="http://www.spice-space.org/download/releases/">http://www.spice-space.org/download/releases/</a> , I agree this should be done for
all new releases, which is far from being the case currently</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>