Sign Up

Details

I'm downloading some packages from VIPM.io manually (to ensure identical development environments), and I noticed that the downloads are done over http, not the secure https.

As I'm downloading software that will get installed on many systems, I am worried that this provides hackers an entry vector to get infected packages onto my systems.

Is there a plan to switch to HTTPS for these downloads, or is there any way to mitigate the risks?
Perhaps it's just a website template thingy, where someone didn't update 'http://' to 'https://'

Comments

Sebastiaan The https certificate works, it is just the template to the download link that is missing the 'https' prefix, should be easy to fix
  1
 •  Reply34m

Please sign in to leave a comment.