It isn't just web sites. Many software repos still use http or native rsync. Som... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

LinuxBender on Dec 17, 2019 | parent | context | favorite | on: Still Why No HTTPS?

It isn't just web sites. Many software repos still use http or native rsync. Some would argue that you validate the packages with GPG, but you would be amazed if you saw how many people install the GPG public key from the same mirror they download software from.

surge on Dec 17, 2019 [–]

Gradle, granted they're fixing it.

https://blog.gradle.org/decommissioning-http

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact