Show Posts
1
Installation from packets/SVN/.exe/AppStore / Re: Downloading YATE source code over HTTPS
« on: June 02, 2020, 02:56:10 PM »
Thanks for your reply.
Yes I remember trying the HTTPS URL and seeing the self-signed certificate. It helps a bit but still doesn't fully mitigate the risk.
When using software in production I do my best to ensure there's no risk of accidentally ending up with malicious code thanks to an MITM attack. Most software nowadays is distributed over a secure channel (whether HTTPS or HTTP with signatures verified out of band, like Debian's APT that uses GPG keys for this) so I was hoping it would be the same for Yate.
Yes I remember trying the HTTPS URL and seeing the self-signed certificate. It helps a bit but still doesn't fully mitigate the risk.
When using software in production I do my best to ensure there's no risk of accidentally ending up with malicious code thanks to an MITM attack. Most software nowadays is distributed over a secure channel (whether HTTPS or HTTP with signatures verified out of band, like Debian's APT that uses GPG keys for this) so I was hoping it would be the same for Yate.