[SAC] [OSGeo] #2775: OSGeo Download Server does not redirect to secure HTTPS
OSGeo
trac_osgeo at osgeo.org
Wed Jun 22 16:54:55 PDT 2022
#2775: OSGeo Download Server does not redirect to secure HTTPS
-------------------------+------------------------
Reporter: Mike Toews | Owner: vicky@…
Type: enhancement | Status: new
Priority: normal | Milestone: Unplanned
Component: WebSite | Resolution:
Keywords: |
-------------------------+------------------------
Comment (by wildintellect):
Most browsers are going to start redirecting to https by default soon, so
for ordinary users this will solve itself.
https://www.makeuseof.com/chrome-defaults-to-https/
The argument is to prevent malicious manipulation of the bytes (man in the
middle) on software downloads (because few people check hashes). This is a
valid concern (CRAN for R made this switch a few years back). However Robe
is right that many services, aka build tools may be relying on http, and
some system block https access. So while we should encourage https I agree
we don't need to force it but encourage it's usage.
As long as anything requiring login goes to https that should be fine.
Ah it is a little odd to go from https to http. I am unable to replicate
that issue, can you provide more details on exact steps?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2775#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list