This is a security issue. For example, this announcement of 0.11.9 availability (http://blog.nodejs.org/2013/11/20/node-v0-11-9-unstable/) is served in plaintext, such that the SHA1 signatures can be tampered with along with the binaries to run arbitrary code on the target machine. Note that there is no option to access any resource on *.nodejs.org via HTTPS.
Please enable HTTPS on this site. Additionally, please provide checksums using algorithms other than SHA1, such as SHA256.
