Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Insecure updates? #7234

Closed
taoeffect opened this issue Feb 18, 2015 · 1 comment
Closed

[security] Insecure updates? #7234

taoeffect opened this issue Feb 18, 2015 · 1 comment
Labels
duplicate For issues that already existed in our issue tracker and were reported previously.

Comments

@taoeffect
Copy link

I just saw on one of the update screens that piwik is downloading its .zip update over HTTP?

Is that a typo or is that actually happening? If it's actually happening, do you have a pinned key that you use to verify updates?

If you are not securing your updates, you are potentially spreading malware onto any server that runs your software.
@mattab
Copy link
Member

mattab commented Feb 18, 2015

#6441

@mattab mattab closed this as completed Feb 18, 2015
@mattab mattab added the duplicate For issues that already existed in our issue tracker and were reported previously. label Feb 18, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate For issues that already existed in our issue tracker and were reported previously.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@taoeffect @mattab