Bug 90915 - Enable HTTPS on download.freedesktop.org
Summary: Enable HTTPS on download.freedesktop.org
Alias: None
Product: freedesktop.org
Classification: Unclassified
Component: Website
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: fd.o Admin Massive
QA Contact:
Keywords: security
Depends on: 89682
Reported: 2015-06-09 16:38 UTC by Philip Withnall
Modified: 2016-02-15 21:18 UTC

Description Philip Withnall 2015-06-09 16:38:09 UTC
+++ This bug was initially created as a clone of Bug #89682 +++

As with anongit, please enable HTTPS on download.freedesktop.org, then projects like libnice can symlink their release directories into /srv/download.freedesktop.org/www/$project and have HTTPS for release downloads. This eliminates the possibility of downloads being MitMed and it not being detected because nobody ever manually checks SHA sums or signatures.

Comment 1 Daniel Stone 2016-02-15 14:34:24 UTC
download.fd.o essentially only worked by accident, due to having a wildcard DNS entry (sigh). Does anyone actually still use it?

Comment 2 Tollef Fog Heen 2016-02-15 21:18:35 UTC
We now have TLS enabled for www.freedesktop.org and projects can use /software there to store their packages.