[Pharo-users] Securely downloading Pharo
me at wilfred.me.uk
Tue May 3 18:33:51 EDT 2016
Is there any way of downloading Pharo securely?
I'm trying to download Pharo itself over HTTPS, so I know I can trust the data:
$ wget https://files.pharo.org/platform/Pharo4.0-linux.zip
--2016-05-02 22:44:34-- https://files.pharo.org/platform/Pharo4.0-linux.zip
Resolving files.pharo.org (files.pharo.org)... 18.104.22.168
Connecting to files.pharo.org (files.pharo.org)|22.214.171.124|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
The excellent pharo zeroconf script doesn't seem available over HTTPS either:
$ curl https://get.pharo.org/vm50
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Looking at the script itself, it's downloading files over HTTP from
files.pharo.org and executing them without verifying. I've explored
files.pharo.org, but I can't see any signatures or hashes (e.g.
sha256sum) of any of the files.
The pharo homepage is largely available at https://pharo.org/
(although some of the styling is missing due to being served over
Have I missed something? Would it be possible to provide HTTPS and/or
sha256sums for downloads?
More information about the Pharo-users