[JBoss JIRA] (JBDS-3754) Installer: redirect links for Vagrant and VirtualBox should use https

Tuesday, 18 October 2016

    [
https://issues.jboss.org/browse/JBDS-3754?page=com.atlassian.jira.plugin....
] 

Denis Golovin commented on JBDS-3754:
-------------------------------------

Download over https is not available for virtualbox, that's why we use http redirect.
There is https link but with invalid site certificate. In case of using http link we have
sha256 to verify downloaded file to prevent 'man in the middle' attacks. I
confirmed with Product Security team if http + checksum verification is good enough for
public release. Not sure what else we can do here.

...
 Installer: redirect links for Vagrant and VirtualBox should use
https
 ---------------------------------------------------------------------

                 Key: JBDS-3754
                 URL: https://issues.jboss.org/browse/JBDS-3754
             Project: Red Hat JBoss Developer Studio (devstudio)
          Issue Type: Enhancement
          Components: platform-installer
    Affects Versions: 9.1.0.CR1
            Reporter: Pavol Pitonak
            Assignee: Denis Golovin
            Priority: Blocker
              Labels: havoc
             Fix For: 10.2.0.AM2

 Installer's requirements.json file \[1] declares location of Vagrant and VirtualBox
installers like these:
 {code}
 http://developers.redhat.com/redirect/to/vagrant-1.7.4.download
 http://developers.redhat.com/redirect/to/virtualbox-5.0.8.download
 {code}
 They should use *https* scheme.
 \[1]
https://github.com/redhat-developer-tooling/developer-platform-install/bl...

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006