Skip Menu |

This queue is for tickets about the Perl-Dist-Strawberry CPAN distribution.

Report information
The Basics
Id: 124085
Status: resolved
Priority: 0/
Queue: Perl-Dist-Strawberry
People
Owner: Nobody in particular
Requestors: michele.cicciotti [...] pynlab.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Jan 15 08:11:14 2018 michele.cicciotti [...] pynlab.com - Ticket created
Subject: No/broken HTTPS support for strawberryperl.com
Date: Mon, 15 Jan 2018 14:10:57 +0100
To: bug-Perl-Dist-Strawberry [...] rt.cpan.org
From: Michele Cicciotti <michele.cicciotti [...] pynlab.com>
strawberryperl.com, including (especially) the downloads, is only available over plaintext HTTP. Considering that the downloads have neither internal (Authenticode) nor external (GPG) signatures, at least the download channel should be protected against tampering. Right now, strawberryperl.com does respond to HTTPS, but it's clearly not configured, as it uses what appears to be the hosting provider's default certificate Should you add HTTPS support (which is free and easy to set up, thanks to services like Let's Encrypt <https://letsencrypt.org>), make sure to test your configuration using Qualys's SSL Server Test <https://www.ssllabs.com/ssltest/>, because it's tricky to get right
  Mon Jul 09 04:50:13 2018 kmx [...] cpan.org - Correspondence added
I know about this issue see https://github.com/StrawberryPerl/strawberryperl.com/issues/11
  Mon Jul 09 04:50:13 2018 The RT System itself - Status changed from 'new' to 'open'
  Mon Jul 09 04:50:13 2018 kmx [...] cpan.org - Status changed from 'open' to 'resolved'