subject:"\[krita\] \[Bug 363110\] Insecure download for pre\-built Krita \(especially the beta version\)"

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

2016-05-17 Thread _Vi

https://bugs.kde.org/show_bug.cgi?id=363110

--- Comment #5 from Vitaly "_Vi" Shukela  ---
One more idea: include magnet links. A file downloaded from magnet link
(obtained securely, of course) should be secure.

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

2016-05-17 Thread Boudewijn Rempt via KDE Bugzilla

https://bugs.kde.org/show_bug.cgi?id=363110

--- Comment #4 from Boudewijn Rempt  ---
I've talked to the system administrators. The problem is that files.kde.org is
a redirector to mirror services, and that doesn't play well with https. As for
the sha1sums, whenever I add them to the release announcements I get confused
mails from users asking me what they should do with them...

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

2016-05-17 Thread Boudewijn Rempt via KDE Bugzilla

https://bugs.kde.org/show_bug.cgi?id=363110

Boudewijn Rempt  changed:

   What|Removed |Added

 CC||b...@valdyas.org

--- Comment #3 from Boudewijn Rempt  ---
We do not maintain files.kde.org, so there is nothing we can do about it. The
KDE system administrators are moving all sites to https, but they're not done
yet.

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

2016-05-16 Thread _Vi

https://bugs.kde.org/show_bug.cgi?id=363110

--- Comment #2 from Vitaly "_Vi" Shukela  ---
Then links to those mirrorlists should be visible on download page, like this:

* Linux Bleeding Edge Appimage Download (mirros and checksums)
* Linux Bleeding Edge Appimage Download (legacy distros) (mirros and
checksums)

Also your link to mirrorlist is HTTP (not HTTPS). It means checksums may be
also faked.
Changing the link to https makes 404.

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

2016-05-16 Thread wolthera via KDE Bugzilla

https://bugs.kde.org/show_bug.cgi?id=363110

wolthera  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|UNCONFIRMED |RESOLVED
 CC||griffinval...@gmail.com

--- Comment #1 from wolthera  ---
If you add .mirrorlist to the end of the url you get all that info:
http://files.kde.org/krita/3/linux/devbuilds/krita-3.0-Beta-master-562442e-x86_64.appimage.mirrorlist

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

[krita] [Bug 363110] Insecure download for pre-built Krita (especially the beta version)

5 matches

Site Navigation

Mail list logo

Footer information