Open benmccann opened 10 years ago
Hi @benmccann
Thanks for your suggestion. Right now we are not set up for https. Once we are set up, we will change the way downloads happen.
Chaitanya.
+1 for this bug. A number of my clients won't even look at this project because it can't be retrieved from a secure URI, and there doesn't appear to be any out-of-band cryptographic signature to verify insecure downloads.
There really should be a better way to install Panamax than:
curl http://download.panamax.io/installer/ubuntu.sh | bash
Because it is served over HTTP, an attacker can get you to install malicious software by swapping out the Panamax installer script with their own. I'd really like to see Panamax offer https download as installing any software over http is not a great idea.
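The thread's two concerns (an installer fetched over plain HTTP and no out-of-band way to verify it) can be handled by downloading to a file and checking it against a pinned SHA-256 before running it. The following is an added example, not code from this thread or from the Panamax project; the function names are hypothetical, and it assumes a digest has been published over a trusted channel, which the thread says does not exist yet.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded installer against a pinned SHA-256
# before executing it, instead of piping curl straight into bash.
# Function names are hypothetical; the pinned digest is assumed to come
# from a trusted, out-of-band source.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on bad arguments.
verify_installer() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A pinned digest must be exactly 64 hex characters.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: refusing to run" >&2
        return 1
    fi
}

# run_verified FILE EXPECTED_SHA256: execute FILE only after it verifies.
run_verified() {
    verify_installer "$1" "$2" || return $?
    bash "$1"
}

# Intended use (placeholder digest, not a real value):
#   curl -fsS -o ubuntu.sh http://download.panamax.io/installer/ubuntu.sh
#   run_verified ubuntu.sh "<sha256 published over a trusted channel>"
```

The check only helps if the digest reaches the user by a path the network attacker cannot also modify; a digest served from the same HTTP origin adds nothing.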