I mean… I would consider anywhere that you might download software from sensitive. This isn’t really a smart move. And sure, the mirror’s page they link to uses https, but if the regular site doesn’t a man-in-the-middle could change the url and serve an official looking malicious version… I wouldn’t consider putting your users at an elevated risk when it’s relatively easy to set up TLS “a smart move”.
You don’t need SSL if you’re not exchanging sensitive information.
If they aren’t exchanging sensitive information, then it’s less not giving a fuck and more not using technologies ‘just because’ everyone else is.
It’s a smart move.
I mean… I would consider anywhere that you might download software from sensitive. This isn’t really a smart move. And sure, the mirror’s page they link to uses https, but if the regular site doesn’t a man-in-the-middle could change the url and serve an official looking malicious version… I wouldn’t consider putting your users at an elevated risk when it’s relatively easy to set up TLS “a smart move”.
What do you think is stopping someone from doing this?