I mean… I would consider anywhere that you might download software from sensitive. This isn’t really a smart move. And sure, the mirror’s page they link to uses https, but if the regular site doesn’t a man-in-the-middle could change the url and serve an official looking malicious version… I wouldn’t consider putting your users at an elevated risk when it’s relatively easy to set up TLS “a smart move”.
ngl, I love how “I don’t give a fuck” the slackware authors are, they didn’t even bother with https on their official website.
I love how their official “support” page links to a website that includes this:
https://www.steubentech.com/~talon/desktop/
lmao this is exactly the image that would pop into my head if I imagine a Slackware user in 2023.
You don’t need SSL if you’re not exchanging sensitive information.
If they aren’t exchanging sensitive information, then it’s less not giving a fuck and more not using technologies ‘just because’ everyone else is.
It’s a smart move.
I mean… I would consider anywhere that you might download software from sensitive. This isn’t really a smart move. And sure, the mirror’s page they link to uses https, but if the regular site doesn’t a man-in-the-middle could change the url and serve an official looking malicious version… I wouldn’t consider putting your users at an elevated risk when it’s relatively easy to set up TLS “a smart move”.
What do you think is stopping someone from doing this?