[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST - D Programming Language Discussion Forum

Forums

New users
- Learn
Community
- General
- Announce
Improvements
- DIP Ideas
- DIP Devel.
Ecosystem
- GDC
- LDC
- Debuggers
- IDEs
- DWT
Development
- Internals
- Issues
- Beta
- DMD
- Phobos
- Druntime
- Study
Turkish
- Genel
- Duyuru

Index » Issues » [Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST

Thread overview

[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST
Mar 28, 2022 Paolo Montesel
Jul 18, 2022 Iain Buclaw
Jul 18, 2022 Mike Parker
Dec 17, 2022 Iain Buclaw
Jan 02, 2023 Iain Buclaw

March 28, 2022

[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST

Posted by Paolo Montesel

Paolo Montesel

https://issues.dlang.org/show_bug.cgi?id=22950

Paolo Montesel <vuoto17+dlang@hotmail.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|install.sh uses unsafe HTTP |SECURITY: install.sh uses
                   |to download LATEST          |unsafe HTTP to download
                   |                            |LATEST

--

July 18, 2022

[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST

Posted by Iain Buclaw

Iain Buclaw

https://issues.dlang.org/show_bug.cgi?id=22950

Iain Buclaw <ibuclaw@gdcproject.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ibuclaw@gdcproject.org

--- Comment #1 from Iain Buclaw <ibuclaw@gdcproject.org> ---
This is on the Foundation's radar.  The plan is to take control of (well, fork) the downloads.dlang.org site, and make it https with http-redirect.

--

July 18, 2022

[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST

Posted by Mike Parker

Mike Parker

https://issues.dlang.org/show_bug.cgi?id=22950

Mike Parker <aldacron@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aldacron@gmail.com

--- Comment #2 from Mike Parker <aldacron@gmail.com> ---
> (P.S.: Is `security@dlang.org` still in existence? I found it linked on dlang.org, but I couldn't deliver my email)

That was an oversight when we moved away from self-hosting our dlang.org emails. I'll get it set up again. Thanks!

--

December 17, 2022

[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST

Posted by Iain Buclaw

Iain Buclaw

https://issues.dlang.org/show_bug.cgi?id=22950

Iain Buclaw <ibuclaw@gdcproject.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P1                          |P2

--

January 02, 2023

[Issue 22950] SECURITY: install.sh uses unsafe HTTP to download LATEST

Posted by Iain Buclaw

Iain Buclaw

https://issues.dlang.org/show_bug.cgi?id=22950

Iain Buclaw <ibuclaw@gdcproject.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Iain Buclaw <ibuclaw@gdcproject.org> ---
Fixed in https://github.com/dlang/installer/pull/525

--

Top | Forum index | About this forum

Copyright © 1999-2021 by the D Language Foundation