search

boxcutter / windows

Virtual machine templates for Windows written in legacy JSON and Batch Scripting/JScript
Apache License 2.0
756 stars 264 forks source link

Several downloads via http without TLS (https), security issue #172

Closed dragetd closed 4 years ago

dragetd commented 5 years ago

Some links in documents and several scripts download resources via HTTP without TLS. For the Microsoft Schema definitions this is irrelevant. Also the ISO download links (which and invalid anyways) there is a checksum check.

But on other occations there are just HTTP links where software is downloaded, which is a security problem.

Even the README.md links to http://www.smartystreets.com instead of https://smartystreets.com.

If nobody objects, I will go through all HTTP:// links and check if they can be updated to https and create a PR. :)

arizvisa commented 4 years ago

Do you mind if I close this and mark it as a duplicate of #177?

dragetd commented 4 years ago

Yes, let is discuss there! :-)

arizvisa commented 4 years ago

Marked as a duplicate of #177.