On 7/18/07, Douglas E. Warner <[EMAIL PROTECTED]> wrote: <snip that possibly takes things out of context> > > AMO does not provide SSL downloads for it's releases either - it's in the > exact same boat as Mozdev.org is. > > (Try for yourself - Addons hosted by AMO are served from > http://releases.mozilla.org/pub/mozilla.org/addons/; you won't be able to use > the HTTPS version). > I'd like to point out that, for the (hopefully typical) case of a Firefox user clicking on a Install link and immediately installing (and not downloading first then install, as is the case with Thunderbird &c), AMO's install buttons use InstallTrigger with a hash. This means that the mirror doesn't have to be secure (since the hash was transmitted over https, along with the page the user was seeing). Of course that still only protects a portion of the users...
This may or may not have any bearing on what mozdev wishes to do :p -- Mook mook dot moz plus stuff at gmail _______________________________________________ Project_owners mailing list Project_owners@mozdev.org http://mozdev.org/mailman/listinfo/project_owners
