by jakobegger 3862 days ago
Github provides an all-in-one hosting solution for Open Source projects. You can host code, bug tracker, binaries, and the project website all on Github. I use it to host http://postgresapp.com, for example. It's extremely convenient.

But there is one big gaping security hole: If your project page is served over plain HTTP, and people click on the download link, they are vulnerable to a man-in-the-middle attack. An attacker could change the link to point to a malicious binary instead.

The only way to prevent this is to make sure that your customers don't access your website over HTTP. And this is why HTTPS support for Github pages is important.
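A small audit script for the exposure the post describes, added here as an example that is not the poster's code or GitHub's: it classifies each download link on a project page by whether the page itself is plain HTTP (a MITM can rewrite any link on it) or only the download URL is. The suffix list and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Extensions typically offered as downloads (assumption; extend as needed).
BINARY_SUFFIXES = (".dmg", ".zip", ".tar.gz", ".exe", ".pkg", ".msi")


class LinkCollector(HTMLParser):
    """Collect every href from <a> tags on the page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def audit_downloads(page_url, html):
    """Return (download_url, finding) pairs for binary links on the page.

    'page-over-http': the page itself is plain HTTP, so a MITM can rewrite any link
    'link-over-http': the page is HTTPS but the download travels over plain HTTP
    'ok':             both page and download use HTTPS
    """
    parser = LinkCollector()
    parser.feed(html)
    page_scheme = urlsplit(page_url).scheme
    results = []
    for href in parser.hrefs:
        url = urljoin(page_url, href)  # resolve relative links against the page URL
        if not urlsplit(url).path.lower().endswith(BINARY_SUFFIXES):
            continue
        if page_scheme != "https":
            finding = "page-over-http"
        elif urlsplit(url).scheme != "https":
            finding = "link-over-http"
        else:
            finding = "ok"
        results.append((url, finding))
    return results


# Constructed sample page, not a capture of the real site.
SAMPLE_HTML = """<a href="/downloads/Postgres-9.3.dmg">Download</a>
<a href="http://cdn.example.invalid/Postgres-9.3.zip">Mirror</a>
<a href="https://github.com/example/repo">Source</a>"""
```

Run `audit_downloads("http://postgresapp.com/", SAMPLE_HTML)` and every download is flagged page-over-http; serve the same page over HTTPS and only the plain-HTTP mirror remains flagged.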


Can't a MITM change the DNS for "postgresapp.com" to one of their servers, regardless of HTTPS?
No. If the client connects via HTTPS, it will only connect to a server that presents a valid cert.