search

dragotin / kraft

Kraft helps to handle your daily quotes and invoices in your small business.
http://volle-kraft-voraus.de
GNU General Public License v2.0
58 stars 18 forks source link

AppImage: No SSL encryption when downloading, no checksum or signature #118

Closed Moini closed 2 years ago

Moini commented 2 years ago

Hi - I'm getting a browser warning when I try to download the AppImage file from the openSUSE web address (the download uses http only, I can change it to https manually, though, after some browser acrobatics, e.g. https://downloadcontent.opensuse.org/repositories/home:/kfreitag:/KraftAppI/AppImage/kraft-0.97-lp151.39.1.Build14.82.glibc2.25-x86_64.AppImage for the current version).

Do you provide checksums or GPG signatures anywhere?

dragotin commented 2 years ago

No, and I really wonder why the openSUSE mirrorbrain does not have them at least in the details.

For the http vs https issue, see https://github.com/openSUSE/download.o.o/issues/26

I opened a bug report in the openSUSE download.o.o repo, please refer to that.

Moini commented 2 years ago

Thanks, @dragotin ! For everyone looking for that report, it's https://github.com/openSUSE/download.o.o/issues/37

Moini commented 2 years ago

(fun thing to see: https://github.com/openSUSE/download.o.o/commit/6fafe39975c3fe03ac7fd805a7923f67007b0d83 - it seems they rather accept fixes to the metadata than make the downloads secure... ? That's pretty weird. If I understood that correctly, that is.)