OpenClonk Bugtracker - OpenClonk
View Issue Details
0001724 | OpenClonk | Website - Automated Builds | public | 2016-04-24 13:31 | 2019-01-27 21:36
Reporter: sphalerite
Assigned To: Luchs
Priority: normal | Severity: minor | Reproducibility: always
Status: resolved | Resolution: fixed
Platform | OS | OS Version
Product Version
Target Version: 9.0 | Fixed in Version: 8.1
Summary: 0001724: No secure download options
Description: Neither HTTPS downloads nor tarball signatures are available for download. This means that downloads can be MITMed to introduce malware and we have no way of verifying that the download has not been tampered with.
Tags: No tags attached.
Attached Files

Notes
(0005073)
Isilkor   
2016-04-24 13:34   

Reminder sent to: Clonk-Karl, Newton

CC'ing ck and Newton on this because the bare engine binaries themselves are available via HTTPS, just the snapshots aren't.
(0005075)
Newton   
2016-04-24 13:42   
Yes, our webhoster does not offer HTTPS (for a reasonable price). This won't change in the medium term.

The only option if we wanted HTTPS for the downloads would be to move the download archive and snapshots to Isilkor's server. I do not oppose this, but of course this means rewriting all the release and snapshot build scripts again.
If any of you two want to do this, you can notify CK or me so that we change the links on the website.

If not, this bug will be closed.
(0005076)
sphalerite   
2016-04-24 13:44   
I'd be all for signed tarballs as well, it makes redistribution easier, doesn't require HTTPS support from anyone, and doesn't rely on the PKI.
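
Added example (not part of the thread and not OpenClonk project code): a detached-signature check whose result depends only on a pinned public key, not on how the tarball was transported. The file names, the throwaway key and the use of OpenSSL ECDSA are assumptions made for the demonstration; a project could equally use GnuPG or a similar tool.

```shell
#!/bin/sh
# Added example: detached-signature check for a downloaded tarball.
# All file names and the throwaway signing key are constructed for this demo.

# verify_tarball PUBKEY TARBALL SIGNATURE
# Returns 0 only if SIGNATURE is valid for TARBALL under the pinned PUBKEY.
# The channel the two files arrived over (plain HTTP, a mirror) plays no part.
verify_tarball() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# make_demo_release DIR
# Stand-in for the release side: creates a throwaway key pair, a small
# tarball and its detached signature inside DIR.
make_demo_release() {
    dir=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/release.key" 2>/dev/null
    openssl pkey -in "$dir/release.key" -pubout -out "$dir/release.pub" 2>/dev/null
    printf 'constructed sample payload\n' > "$dir/README"
    tar -cf "$dir/snapshot.tar" -C "$dir" README
    openssl dgst -sha256 -sign "$dir/release.key" \
        -out "$dir/snapshot.tar.sig" "$dir/snapshot.tar"
}

# demo
# Returns 0 if the untouched tarball verifies and a modified copy does not.
demo() {
    work=$(mktemp -d) || return 2
    make_demo_release "$work" || { rm -rf "$work"; return 2; }
    if verify_tarball "$work/release.pub" "$work/snapshot.tar" "$work/snapshot.tar.sig"
    then good=0; else good=1; fi
    # Simulate modification in transit: append a single byte to the tarball.
    printf 'x' >> "$work/snapshot.tar"
    if verify_tarball "$work/release.pub" "$work/snapshot.tar" "$work/snapshot.tar.sig"
    then bad=0; else bad=1; fi
    rm -rf "$work"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo && echo "valid signature accepted, modified tarball rejected"
```

In real use only `release.pub` would be distributed ahead of time through a trusted path; the private key never leaves the build machine.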
(0005125)
sphalerite   
2016-06-10 17:23   
Any chance of this happening?
(0005128)
Isilkor   
2016-06-15 10:34   
I'm all for moving the snapshots to autobuild.openclonk.org, which is already available via TLS only.
(0006201)
Luchs   
2019-01-27 21:36   
Website uses HTTPS now. Signed tarballs are imo not worth the effort (who verifies these anyways?).

Issue History
2016-04-24 13:31 | sphalerite | New Issue
2016-04-24 13:31 | sphalerite | Status | new => assigned
2016-04-24 13:31 | sphalerite | Assigned To | => Isilkor
2016-04-24 13:34 | Isilkor | Note Added: 0005073
2016-04-24 13:34 | Isilkor | Assigned To | Isilkor =>
2016-04-24 13:34 | Isilkor | Status | assigned => acknowledged
2016-04-24 13:42 | Newton | Note Added: 0005075
2016-04-24 13:44 | sphalerite | Note Added: 0005076
2016-06-10 17:23 | sphalerite | Note Added: 0005125
2016-06-15 10:34 | Isilkor | Note Added: 0005128
2017-08-05 13:58 | Maikel | Target Version | => 8.0
2017-08-20 11:40 | Zapper | Target Version | 8.0 => 9.0
2019-01-27 21:36 | Luchs | Assigned To | => Luchs
2019-01-27 21:36 | Luchs | Status | acknowledged => resolved
2019-01-27 21:36 | Luchs | Resolution | open => fixed
2019-01-27 21:36 | Luchs | Fixed in Version | => 8.1
2019-01-27 21:36 | Luchs | Note Added: 0006201