I think Bob has a point. I don't think HTTPS helps that much. Isn't the issue that somebody could generate a new binary that has a SHA1 that matches the real binary?
On Wednesday, July 5, 2017 at 10:30:24 PM UTC+1, Thomas Broyer wrote: > > This is not wrong, but not a real vulnerability either I believe, if only > because, to begin with, downloads are made through HTTPS. > (Don't take my words for granted though, I'm not a security expert) > > Wrt your first question, have a look at > http://www.gwtproject.org/makinggwtbetter.html > You could post to the GWT Contributors group, or file an issue on > gwtproject/gwt. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
