On 2/4/15, 9:14 AM, "OmPrakash Muppirala" <bigosma...@gmail.com> wrote:
>On Feb 4, 2015 9:03 AM, "Alex Harui" <aha...@adobe.com> wrote: >> >> In another thread, I think Tom C says we should be using https to >>deliver >> all of our bits, which we aren’t today. What do folks think? > >-1. We are already doing MD5 checks on downloaded artifacts. I am not >sure what benefit https is going to add here. It looks like we currently pull our MD5 files over https. So changing to pull the installer config files over http probably just means folks will get stuck on the MD5 fetch. Does changing the MD5 download to HTTP make it unsecure? -Alex