Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Rjevski

Pages: [1]
Thanks for your reply.

Yes I remember trying the HTTPS URL and seeing the self-signed certificate. It helps a bit but still doesn't fully mitigate the risk.

When using software in production I do my best to ensure there's no risk of accidentally ending up with malicious code thanks to an MITM attack. Most software nowadays is distributed over a secure channel (whether HTTPS or HTTP with signatures verified out of band, like Debian's APT that uses GPG keys for this) so I was hoping it would be the same for Yate.


Does anyone know how can I get a copy of the YATE source via a secure channel such as HTTPS?

At the moment it seems like both binary downloads and SVN go over unencrypted HTTP.


Pages: [1]