OpenClonk Bugtracker - OpenClonk
View Issue Details
0001724OpenClonkWebsite - Automated Buildspublic2016-04-24 13:312019-01-27 21:36
Assigned ToLuchs 
PlatformOSOS Version
Product Version 
Target Version9.0Fixed in Version8.1 
Summary0001724: No secure download options
DescriptionNeither HTTPS downloads nor tarball signatures are available for download. This means that downloads can be MITMed to introduce malware and we have no way of verifying that the download has not been tampered with.
TagsNo tags attached.
Attached Files

2016-04-24 13:34   

Reminder sent to: Clonk-Karl, Newton

CC'ing ck and Newton on this because the bare engine binaries themselves are available via HTTPS, just the snapshots aren't.
2016-04-24 13:42   
Yes, our webhoster does not offer HTTPS (for a reasonable price). This won't change in the medium term.

The only option if we wanted HTTPS for the downloads would be to move the download archive and snapshots to Isilkor's server. I do not oppose this but of course this means to again rewrite all the release and snapshot build scripts.
If any of you two want to do this, you can notify CK or me so that we change the links on the website.

If not, this bug will be closed.
2016-04-24 13:44   
I'd be all for signed tarballs as well, it makes redistribution easier, doesn't require HTTPS support from anyone, and doesn't rely on the PKI.
2016-06-10 17:23   
Any chance of this happening?
2016-06-15 10:34   
I'm all for moving the snapshots to, which is already available via TLS only.
2019-01-27 21:36   
Website uses HTTPS now. Signed tarballs are imo not worth the effort (who verifies these anyways?).

Issue History
2016-04-24 13:31sphaleriteNew Issue
2016-04-24 13:31sphaleriteStatusnew => assigned
2016-04-24 13:31sphaleriteAssigned To => Isilkor
2016-04-24 13:34IsilkorNote Added: 0005073
2016-04-24 13:34IsilkorAssigned ToIsilkor =>
2016-04-24 13:34IsilkorStatusassigned => acknowledged
2016-04-24 13:42NewtonNote Added: 0005075
2016-04-24 13:44sphaleriteNote Added: 0005076
2016-06-10 17:23sphaleriteNote Added: 0005125
2016-06-15 10:34IsilkorNote Added: 0005128
2017-08-05 13:58MaikelTarget Version => 8.0
2017-08-20 11:40ZapperTarget Version8.0 => 9.0
2019-01-27 21:36LuchsAssigned To => Luchs
2019-01-27 21:36LuchsStatusacknowledged => resolved
2019-01-27 21:36LuchsResolutionopen => fixed
2019-01-27 21:36LuchsFixed in Version => 8.1
2019-01-27 21:36LuchsNote Added: 0006201