Currently, the website http://www.spice-space.org/ is not encrypted nor does it provide any signatures for downloads. This is an easy target for man-in-the-middle-attacks. Please 1. make this site available through HTTPS (and only HTTPS) 2. provide gpg signatures for downloads
(In reply to Christian Stadelmann from comment #0) > Currently, the website http://www.spice-space.org/ is not encrypted nor does > it provide any signatures for downloads. This is an easy target for > man-in-the-middle-attacks. > > Please > 1. make this site available through HTTPS (and only HTTPS) Yes, having https access has been on the TODO for a while > 2. provide gpg signatures for downloads Some downloads do have GPG signatures, see the .sig/.sign files on http://www.spice-space.org/download/releases/ , I agree this should be done for all new releases, which is far from being the case currently
I don't know if it can help. Somebody suggested this service to me https://letsencrypt.org/about/. But probably we can get a certificate from RedHat.
https://www.spice-space.org/download/ can now be accessed through https. There is one remaining issue with https://spice-space.org/download/ which uses an invalid certificate. We are trying to fix that.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.