[SAC] [OSGeo] #2775: OSGeo Download Server does not redirect to secure HTTPS

OSGeo trac_osgeo at osgeo.org
Wed Jun 22 16:54:55 PDT 2022


#2775: OSGeo Download Server does not redirect to secure HTTPS
-------------------------+------------------------
 Reporter:  Mike Toews   |       Owner:  vicky@…
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Unplanned
Component:  WebSite      |  Resolution:
 Keywords:               |
-------------------------+------------------------
Comment (by wildintellect):

 Most browsers are going to start redirecting to https by default soon, so
 for ordinary users this will solve itself.
 https://www.makeuseof.com/chrome-defaults-to-https/

 The argument is to prevent malicious manipulation of the bytes (man in the
 middle) on software downloads (because few people check hashes). This is a
 valid concern (CRAN for R made this switch a few years back). However Robe
 is right that many services, aka build tools may be relying on http, and
 some system block https access. So while we should encourage https I agree
 we don't need to force it but encourage it's usage.

 As long as anything requiring login goes to https that should be fine.

 Ah it is a little odd to go from https to http. I am unable to replicate
 that issue, can you provide more details on exact steps?
-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2775#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.


More information about the Sac mailing list