Links to VIPM packages on VIPM website all use HTTP links instead of the more secure HTTPS

Another Idea shared 1 year, 11 months ago by Sebastiaan

Details

I'm downloading some packages from VIPM.io manually (to ensure identical development environments), and I noticed that the downloads are done over http, not the secure https.

As I'm downloading software that will get installed on many systems, I am worried that this provides hackers an entry vector to get infected packages onto my systems.

Is there a plan to switch to HTTPS for these downloads, or is there any way to mitigate the risks?
Perhaps it's just a website template thingy, where someone didn't update 'http://' to 'https://'

Comments

Sebastiaan The https certificate works, it is just the template to the download link that is missing the 'https' prefix, should be easy to fix

• Reply • 1 year

Please sign in to leave a comment.