Hey Ivan, Both URLs are https.
https://github.com/macvim-dev/macvim/blob/7a04d45bec06ce4fd52a7fa127993d98ed023583/src/MacVim/Info.plist#L1308-L1309 enclosure url https://raw.githubusercontent.com/macvim-dev/macvim/gh-pages/appcast/latest.xml Kazuki On Wed, Feb 10, 2016 at 5:27 PM, Ivan Wang <[email protected]> wrote: > Hi all, > > A quick check shows MacVim's autoupdate is done with Sparkle framework at > 1.13.0. > > Given the recent turmoil of Sparkle MitM proof of concept (see: > https://sparkle-project.org/documentation/security/), is MacVim vulnerable? > MacVim up until Snapshot 96 's using vulnerable version of Sparkle, but not > sure about http or https. > > Thanks > Ivan. > > -- > -- > You received this message from the "vim_mac" maillist. > Do not top-post! Type your reply below the text you are replying to. > For more information, visit http://www.vim.org/maillist.php > > --- > You received this message because you are subscribed to the Google Groups > "vim_mac" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message from the "vim_mac" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_mac" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
