-
Notifications
You must be signed in to change notification settings - Fork 729
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Installer shell script downloads keys over HTTP (not HTTPS) #29
Comments
Good catch! Problem is we use S3 to host our repository so we can't get HTTPS for download.draios.com, so I'll just move the key to another location or use the full s3.amazonaws.com name. Thanks for reporting this! |
Meanwhile you can use https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public |
So this should be fixed in 98e1970. Thanks! |
Awesome! Thanks for the quick response. On Thu, Apr 3, 2014 at 3:33 PM, Gianluca Borello
|
from the installer script:
curl -s http://download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -
This is bad because there's no authentication; anyone could MITM this. HTTPS would solve this problem.
The text was updated successfully, but these errors were encountered: