DMD downloads over HTTPS
Seb
seb at wilzba.ch
Tue Oct 15 16:49:25 UTC 2019
On Tuesday, 15 October 2019 at 15:56:43 UTC, WebFreak001 wrote:
> On Thursday, 26 September 2019 at 21:26:38 UTC, Vladimir
> Panteleev wrote:
>> On Thursday, 26 September 2019 at 20:06:20 UTC, WebFreak001
>> wrote:
>>> [...]
>>
>> IIRC, the last time we looked into this, which admittedly was
>> many years ago, was that SSL was an additional paid feature
>> for the Amazon service we use to serve the downloads.
>>
>>> [...]
>>
>> The keyring is available over HTTPS, so the procedure we
>> currently recommend is to download that and use it to verify
>> the downloads. This is what e.g. the install.sh script does.
>>
>> BTW, GnuPG is a dependency for many other software (e.g.
>> attempting to remove it on Arch Linux pulls a long string of
>> dependencies making this impossible). It's possible that there
>> is an implied guarantee that GnuPG will be present on the CI
>> systems even though it is not explicitly listed.
>
> I think now it would be possible to set it up for free? As far
> as I can read these amazon docs it looks like pricing doesn't
> change with HTTPS:
> -
> https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html#CNAMEsAndHTTPS
> - https://aws.amazon.com/cloudfront/custom-ssl-domains/
You pay per GB - see e.g.
https://aws.amazon.com/cloudfront/pricing. This is vastly more
expensive than the public S3 bucket.
Anyhow, we could be sth. using GitHub releases like LDC or DUB.
It's free and they even use S3 buckets under the hood as well.
More information about the Digitalmars-d
mailing list