Sign In

Details

I'm downloading some packages from VIPM.io manually (to ensure identical development environments), and I noticed that the downloads are done over http, not the secure https.

As I'm downloading software that will get installed on many systems, I am worried that this provides hackers an entry vector to get infected packages onto my systems.

Is there a plan to switch to HTTPS for these downloads, or is there any way to mitigate the risks?
Perhaps it's just a website template thingy, where someone didn't update 'http://' to 'https://'

Comments


Please sign in to leave a comment.