GNOME Bugzilla – Bug 682641
Offer GTK+ packages over SSL?
Last modified: 2014-05-22 00:40:08 UTC
It would be nice if GTK+ packages were available over HTTPS (SSL/TLS). Users currently have no way to verify the downloaded packages are not backdoored by the network; at least with HTTPS, it would require a more talented attacker with a CA.
Not really sure where this belongs on Bugzilla (if anywhere), but it shouldn't be tagged as a Win32 bug.
I think https://download.gnome.org/sources/gtk+/ is good enough ?