DMD downloads over HTTPS
Seb
seb at wilzba.ch
Thu Sep 26 22:51:32 UTC 2019
On Thursday, 26 September 2019 at 20:06:20 UTC, WebFreak001 wrote:
> hi, at the setup-dlang repository (GitHub Action for installing
> D in their CI environment) we are having a discussion about
> downloading DMD over HTTP could lead to MITM attacks. However
> downloads.dlang.org doesn't seem to have HTTPS available at all.
>
> Is there some possibility to add HTTPS support to
> downloads.dlang.org to make sure the downloads function
> properly? GnuPG isn't listed on the installed binaries in a
> GitHub Actions environment so it can't be called to check using
> the provided keyring (which would need to be updated every once
> in a while too)
>
> See the discussion at
> https://github.com/mihails-strasuns/setup-dlang/issues/5
It's possible to access it directly, e.g.
https://s3-us-west-2.amazonaws.com/downloads.dlang.org/releases/2.x/2.072.1/dmd_2.072.1-0_amd64.deb
Though this might break if the bucket gets moved to a different
region or if there would ever be switch to a different platform.
More information about the Digitalmars-d
mailing list