#43 ✓invalid

GPG Keychain Access uses plain HTTP to fetch updates

Reported by abhr | April 9th, 2011 @ 03:58 AM | in 1.2 (closed)

Hi guys,
it seems like Sparkle is not configured to fetch updates via HTTPS. Since you seem to already be using AWS, may I suggest implementing S3 for updates directly and not cloudfront? It will prevent from the update being hijacked.


Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins

People watching this ticket