redis.io HTTPS support, a littlebit more security.
42 views
Skip to first unread message
Marvin R.
Jun 22, 2016, 11:55:45 AM6/22/16
to Redis DB
Hi,
I'm regularly downloading redis stable from redis.io and compiling it on all my remote machines.
I would feel a littlebit safer if redis.io would support https at least optionally so that commands like
would work.
If there are any other recommendations for keeping sure my source code is really from redis.io let me know.
Bye,
Marvin
The Real Bill
Jun 23, 2016, 12:38:17 AM6/23/16
to Redis DB
Well you could go to the GitHub repository for Redis: https://github.com/antirez/redis
Cheers,
Bill
Dmitry E.
Jul 28, 2016, 1:53:57 PM7/28/16
to Redis DB
I second this. It's certainly possible to pull the latest code from Github, however, for an automated install script I need a way to securely download and verify a distribution in the form of an archive.
Right now the section on verification says this:
> The Github repository redis-hashes contains a README file with SHA1 digests of released tarball archives. Note: the generic redis-stable.tar.gz tarball does not match any hash because it is modified to untar to the redis-stable directory.
So the download goes over plain HTTP, and there's no way to verify the result?
The alternative is to use a link to a specific version, but I don't want to have to change my devops scripts on every Redis release.
Right now the section on verification says this:
> The Github repository redis-hashes contains a README file with SHA1 digests of released tarball archives. Note: the generic redis-stable.tar.gz tarball does not match any hash because it is modified to untar to the redis-stable directory.
So the download goes over plain HTTP, and there's no way to verify the result?
The alternative is to use a link to a specific version, but I don't want to have to change my devops scripts on every Redis release.
Reply all
Reply to author
Forward
0 new messages