[Security issue] Installer is only provided via http (not https)

Makeblock-official / mBlock

base on scratch offline v2.0 by MIT, Learn more from Makeblock official website

http://www.makeblock.com

GNU General Public License v2.0

320 stars 228 forks source link

[Security issue] Installer is only provided via http (not https) #35

Closed green-coder closed 7 years ago

green-coder commented 8 years ago

Some users might feel not safe installing software distributed via http without any mean to know if it was altered between the website and the browser.

green-coder commented 8 years ago

A quick way to fix it could be to publish the SHA checkum of the installer on Github (which is using https) OR to use Github to serve the zip file (there is a release feature for that) as it is using https.

bigeyex commented 7 years ago

Github release added, solving this issue.