curl / Mailing Lists / curl-library / Single Mail

curl-library

non-HTTPS download links

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 18 Sep 2017 23:35:38 +0200 (CEST)

Hi

@hannob filed issue #1882 the other day about the large number of insecure
download links from our download page (https://curl.haxx.se/download.html)

It made me go through all the visible links, remove a few truly dead ones and
upgrade a whole bunch of them to HTTPS versions. Most of them are however
still HTTP or FTP since they're not available using a secure protocol.

My count says 38% of the current download links that we have stored are now
using HTTPS. I think that's far too few for us to consider killing off all
non-HTTPS links or something as radical as that, even if I of course would
rather have us have more HTTPS links.

I considered for a moment if we should add some symbol or something for
"unsafe" links, but I think we're better off leaving that responsibility to
the browsers and trust that users mostly already know this.

If you have ideas, thoughts or feedback on this I'm interested. I will
otherwise close the issue within soon as I don't think there's a lot more we
can do on this right now.

#1882: https://github.com/curl/curl/issues/1882

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2017-09-18

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Multi-uv.c with custom class"
Previous message: Daniel Stenberg: "Re: [PATCH] curl: Fix compile warning on Fedora-14."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]