This repository has been archived by the owner on Nov 5, 2024. It is now read-only.

Security Concern about downloading packages from github #95

Open

NGenetzky opened this issue Sep 30, 2018 · 0 comments

NGenetzky commented Sep 30, 2018

Context:

DOWNLOAD https://raw.githubusercontent.com/c9/install/master/packages/*

Problem:

Download is not locked down to a particular revision (master)
Download integrity is not verified.

I am no security expert but I would be happy to elaborate on why these are problems if desired.

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.