Hacker News new | ask | show | jobs
by jakobegger 3862 days ago
Isn't Github Pages hosted on S3? That would explain the lack of TLS on custom domains.

Anyway, this is a very major security flaw. Lots of software uses Github pages for the project website. If you put a download link on an unsecure page, you are putting all your customers st risk.
1 comments
manigandham 3862 days ago
Githug Pages is their own infrastructure for hosting files and static sites: http://githubengineering.com/rearchitecting-github-pages/

Also the download files themselves can be hosted on Github repos as releases which supports TLS.

link
jakobegger 3862 days ago
Hosting the downloads themselves via HTTPS is completely useless if the link to that file is transferred over HTTP.
link
manigandham 3862 days ago
Link to the repo/releases page...
link
jakobegger 3861 days ago
Jesus Christ, you really don't understand, do you?

If the original website is insecure, everything could be faked, including the link to the releases page.

If HN readers don't understand this, who does?

link