Uploaded image for project: 'Red Hat Developer Website'
  1. Red Hat Developer Website
  2. DEVELOPER-646

Official product downloads lack https URLs and checksums

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • None
    • None
    • None

      I noticed that on the new jboss.org site:

      http://www.jboss.org/products/

      People can now download our official product bits. The initial download URL, e.g.:

      http://www.jboss.org/download-manager/file/jboss-eap-6.2.0.GA-installer.jar

      Has a http URL. While you are eventually redirected to download the actual bits from access.cdn.redhat.com, it doesn't look good from a security perspective that the initial download link is not https. Could you please make all such download links use https?

      There are also no checksums provided to verify the product bits. Please show checksums for all downloads, similar to CSP, e.g.:

      https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=26463&product=appplatform&version=6.2.0&downloadType=distributions

              dcoughlin1 Daniel Coughlin (Inactive)
              dfj_jira David Jorm (Inactive)
              Archiver:
              rhn-support-ceverson Clark Everson

                Created:
                Updated:
                Resolved:
                Archived: