Task #1987

open

Please use HTTPS for downloads to protect users

Added by Tom Delmas over 8 years ago. Updated over 5 years ago.

Status: In Progress
Priority: Normal
Assignee: -
Category: Mirrors
Target version: -
Start date:
Due date:
% Done: 0%
Tags: Documentation

Description

The link on the secure page
https://www.libreoffice.org/download/libreoffice-fresh/ for "Download Version 5.1.4"
launches the download from the insecure HTTP link
http://ftp.free.fr/mirrors/documentfoundation.org/libreoffice/stable/5.1.4/win/x86/LibreOffice_5.1.4_Win_x86.msi
A man in the middle could replace the legitimate file with an infected one.
It's not realistic to expect the user to manually check the checksum of the file.

I see at least two ways to correct that behavior:
Using only HTTPS mirrors is one solution. Another one could be a small downloader, downloaded from the official HTTPS website, that downloads from mirrors/torrent and checks the checksum before install.

History of that problem: https://bugs.documentfoundation.org/show_bug.cgi?id=100824
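
The second approach from the description, as an added example (not code from this ticket or from the LibreOffice project): the expected SHA-256 comes from an HTTPS origin, the file itself may come from any mirror, and it is only moved into place once the digest matches. The checksum URL and its `sha256sum`-style format (`<hex>  <filename>`) are assumptions.

```python
import hashlib
import hmac
import os
import tempfile
from urllib.parse import urlsplit
from urllib.request import urlopen

CHUNK = 64 * 1024


class ChecksumMismatch(Exception):
    """The downloaded bytes do not match the trusted digest."""


def require_https(url):
    # The digest is the trust anchor, so it must not travel over plain HTTP.
    if urlsplit(url).scheme != "https":
        raise ValueError("checksum must be fetched over HTTPS: " + url)
    return url


def stage_verified(stream, expected_sha256, dest):
    """Copy stream to dest only if its SHA-256 equals expected_sha256."""
    digest = hashlib.sha256()
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # Write to a .part file so an unverified installer never sits at dest.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in iter(lambda: stream.read(CHUNK), b""):
                digest.update(chunk)
                out.write(chunk)
        expected = expected_sha256.strip().lower()
        if not hmac.compare_digest(digest.hexdigest(), expected):
            raise ChecksumMismatch("got " + digest.hexdigest())
        os.replace(tmp, dest)  # atomic rename after verification
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)  # discard anything that failed verification
    return dest


def download(mirror_url, checksum_url, dest):
    """mirror_url may be plain HTTP; checksum_url (hypothetical) must be HTTPS."""
    with urlopen(require_https(checksum_url), timeout=30) as resp:
        expected = resp.read(256).decode("ascii").split()[0]
    with urlopen(mirror_url, timeout=60) as body:
        return stage_verified(body, expected, dest)
```

A tampered file from a mirror raises `ChecksumMismatch` and leaves nothing at the destination path, so the installer can refuse to run.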


Related issues

Related to Infrastructure - Task #2312: Avoid serving web content over http:// when possible - Closed - Guilhem Moulin
