Community-edition: rambox.pro is not https, binaries are unverifiable
The actual download link appears to support (but not require) HTTPS ( https://getrambox.herokuapp.com ) but the github page doesn't link there. It instead links to http://rambox.pro which presents a github.com certificate when contacted on port 443. So, to find the HTTPS download link, users currently must rely on the HTTP-only website.
Please (1) provide a way for users to download rambox over HTTPS, (2) stop providing ways for people to download rambox without HTTPS, (3) provide PGP or other signatures on your binaries so that users can verify the integrity without relying solely on HTTPS, and (4) see if it is possible to build rambox reproducibly. Thanks!
leif
All 4 comments
Still an issue with the HTTPS cert being from github, and not for rambox.pro.
Also can be tied back to #1044
Is there a timeline for when the SSL cert will be resolved?
ozskywalker
on 4 May 2018
Just ran across this, worth considering?
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
ozskywalker
on 4 May 2018
All webpages should be https 馃帀
https://twitter.com/ramboxapp/status/993949621029236736
Ash258
on 8 Jun 2018
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
![lock[bot] picture](https://avatars1.githubusercontent.com/in/6672?v=4&s=40)
lock[bot]
on 25 Oct 2018
Related issues
jamy015
路
4Comments
mforcer
路
3Comments
arnauldb
路
4Comments
soulchainer
路
3Comments
menzow
路
4Comments
Most helpful comment
All webpages should be https 馃帀
https://twitter.com/ramboxapp/status/993949621029236736