[jbosstools-issues] [JBoss JIRA] (JBDS-3754) Installer: redirect links for Vagrant and VirtualBox should use https
Denis Golovin (JIRA)
issues at jboss.org
Tue Oct 18 03:06:00 EDT 2016
[ https://issues.jboss.org/browse/JBDS-3754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13308202#comment-13308202 ]
Denis Golovin commented on JBDS-3754:
-------------------------------------
Download over https is not available for virtualbox, that's why we use http redirect. There is https link but with invalid site certificate. In case of using http link we have sha256 to verify downloaded file to prevent 'man in the middle' attacks. I confirmed with Product Security team if http + checksum verification is good enough for public release. Not sure what else we can do here.
> Installer: redirect links for Vagrant and VirtualBox should use https
> ---------------------------------------------------------------------
>
> Key: JBDS-3754
> URL: https://issues.jboss.org/browse/JBDS-3754
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Enhancement
> Components: platform-installer
> Affects Versions: 9.1.0.CR1
> Reporter: Pavol Pitonak
> Assignee: Denis Golovin
> Priority: Blocker
> Labels: havoc
> Fix For: 10.2.0.AM2
>
>
> Installer's requirements.json file \[1] declares location of Vagrant and VirtualBox installers like these:
> {code}
> http://developers.redhat.com/redirect/to/vagrant-1.7.4.download
> http://developers.redhat.com/redirect/to/virtualbox-5.0.8.download
> {code}
> They should use *https* scheme.
> \[1] https://github.com/redhat-developer-tooling/developer-platform-install/blob/master/requirements.json
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jbosstools-issues
mailing list