[sword-devel] Please support HTTPS repositories.
manfred.bergmann at me.com
Sat Jan 29 15:02:44 EST 2022
> Am 16.01.2022 um 04:44 schrieb Greg Hellings <greg.hellings at gmail.com>:
> It is a shame that FTP has gotten such a bad rap. Yes, it's plaintext but there ARE times when encryption is unnecessary and just a burden. This is one of those times.
Indeed. However, in this case the use of HTTPS would ensure the trust that the server side is who it claims to be.
Of course this doesn’t say anything about the module files.
But this would create some trust for the downloaded modules as well.
Doing this with FTP is tricky. One could create signatures of the modules and allow the client to download and compare those, but one could only trust the signatures if the server can be trusted where those were downloaded.
More information about the sword-devel