Bug 682641 – Offer GTK+ packages over SSL?

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 682641 - Offer GTK+ packages over SSL?


Summary:	Offer GTK+ packages over SSL?


Status:	RESOLVED FIXED

Product:	gtk+
Classification:	Platform
Component:	Website
Version:	unspecified
Hardware:	Other other

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	Martyn Russell

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-08-24 21:03 UTC by Jacob Appelbaum
Modified:	2014-05-22 00:40 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Jacob Appelbaum 2012-08-24 21:03:55 UTC

It would be nice if GTK+ packages were available over HTTPS (SSL/TLS). Users currently have no way to verify the downloaded packages are not backdoored by the network; at least with HTTPS, it would require a more talented attacker with a CA.

Comment 1 Cody Russell 2013-11-18 05:43:37 UTC

Not really sure where this belongs on Bugzilla (if anywhere), but it shouldn't be tagged as a Win32 bug.

Comment 2 Matthias Clasen 2014-05-22 00:40:08 UTC

I think

https://download.gnome.org/sources/gtk+/

is good enough ?