Anonymous Login
2021-09-18 03:46 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001724OpenClonkWebsite - Automated Buildspublic2019-01-27 21:36
Assigned ToLuchs 
Product Version 
Target Version9.0Fixed in Version8.1 
Summary0001724: No secure download options
DescriptionNeither HTTPS downloads nor tarball signatures are available for download. This means that downloads can be MITMed to introduce malware and we have no way of verifying that the download has not been tampered with.
TagsNo tags attached.
Attached Files




Isilkor (developer)

Reminder sent to: Clonk-Karl, Newton

CC'ing ck and Newton on this because the bare engine binaries themselves are available via HTTPS, just the snapshots aren't.


Newton (administrator)

Yes, our webhoster does not offer HTTPS (for a reasonable price). This won't change in the medium term.

The only option if we wanted HTTPS for the downloads would be to move the download archive and snapshots to Isilkor's server. I do not oppose this but of course this means to again rewrite all the release and snapshot build scripts.
If any of you two want to do this, you can notify CK or me so that we change the links on the website.

If not, this bug will be closed.


sphalerite (reporter)

I'd be all for signed tarballs as well, it makes redistribution easier, doesn't require HTTPS support from anyone, and doesn't rely on the PKI.


sphalerite (reporter)

Any chance of this happening?


Isilkor (developer)

I'm all for moving the snapshots to, which is already available via TLS only.


Luchs (administrator)

Website uses HTTPS now. Signed tarballs are imo not worth the effort (who verifies these anyways?).

-Issue History
Date Modified Username Field Change
2016-04-24 13:31 sphalerite New Issue
2016-04-24 13:31 sphalerite Status new => assigned
2016-04-24 13:31 sphalerite Assigned To => Isilkor
2016-04-24 13:34 Isilkor Note Added: 0005073
2016-04-24 13:34 Isilkor Assigned To Isilkor =>
2016-04-24 13:34 Isilkor Status assigned => acknowledged
2016-04-24 13:42 Newton Note Added: 0005075
2016-04-24 13:44 sphalerite Note Added: 0005076
2016-06-10 17:23 sphalerite Note Added: 0005125
2016-06-15 10:34 Isilkor Note Added: 0005128
2017-08-05 13:58 Maikel Target Version => 8.0
2017-08-20 11:40 Zapper Target Version 8.0 => 9.0
2019-01-27 21:36 Luchs Assigned To => Luchs
2019-01-27 21:36 Luchs Status acknowledged => resolved
2019-01-27 21:36 Luchs Resolution open => fixed
2019-01-27 21:36 Luchs Fixed in Version => 8.1
2019-01-27 21:36 Luchs Note Added: 0006201
+Issue History