[manigandham]

Githug Pages is their own infrastructure for hosting files and static sites: http://githubengineering.com/rearchitecting-github-pages/

Also the download files themselves can be hosted on Github repos as releases which supports TLS.

[jakobegger]

Hosting the downloads themselves via HTTPS is completely useless if the link to that file is transferred over HTTP.

[manigandham]

Link to the repo/releases page...

[jakobegger]

Jesus Christ, you really don't understand, do you?

If the original website is insecure, everything could be faked, including the link to the releases page.

If HN readers don't understand this, who does?