Details
I'm downloading some packages from VIPM.io manually (to ensure identical development environments), and I noticed that the downloads are done over HTTP, not the secure HTTPS.
As I'm downloading software that will get installed on many systems, I am worried that this provides hackers an entry vector to get infected packages onto my systems.
Is there a plan to switch to HTTPS for these downloads, or is there any way to mitigate the risks?
Perhaps it's just a website template thingy, where someone didn't update 'http://' to 'https://'.