Opened 9 years ago
Closed 9 years ago
#15469 closed defect (duplicate)
No secure way to download binaries or source code versions
| Reported by: | SpamapS | Owned by: | |
|---|---|---|---|
| Component: | guest additions | Version: | VirtualBox 5.0.20 |
| Keywords: | security trust download | Cc: | |
| Guest type: | other | Host type: | other |
Description
Hello! I cannot seem to find any PGP signatures on any of your binaries or source code releases, nor can I find an https URL that would allow me to even trust downloading any of your code over the internet, with the exception of your SVN server. The SVN server would be helpful, if you had tags in your svn repository, but you do not, so one can only build from trunk or try to fish around in all the commits to find a release. But one can't know what the release is, because any source of release code content is unprotected by https.
Please just sign your binaries and code releases, and/or provide https download urls. Thanks!
Note:
See TracTickets
for help on using tickets.
https downloads are currently not possible. As written on the download page you can use the provided SHA256SUMs file to check the integrity of your downloaded binary. Request for supporting https downloads already exists, therefore closing this ticket.