HTTPS
Steven R. Loomis via Unicode
unicode at unicode.org
Wed Oct 4 15:43:25 CDT 2017
Also just a public note. please do NOT fetch from unicode.org/Public as
part of continuous builds (Jenkins, travis, etc). That's too much load for
files that change *yearly*. Fetch one copy of the data and use your own
copy until it is time to update.
Yes, shasums and signatures are great. ICU (now part of Unicode) has been
doing this for years. I just signed up this morning to provide such for
CLDR data. So let's see about UCD data also.
-s
On Wed, Oct 4, 2017 at 2:14 AM, Mathias Bynens via Unicode <
unicode at unicode.org> wrote:
> unicode.org and www.unicode.org are now available over HTTPS. E.g.
> https://unicode.org/Public/10.0.0/
>
> On Thu, Mar 6, 2014 at 3:54 PM, Robbert <mail at robbertbroersma.nl> wrote:
>
>> Hi,
>>
>> For tools that rely on the Unicode database it would be great if the
>> databases were available over HTTPS as well:
>> https://www.unicode.org/Public/6.3.0/
>>
>> In addition to this it would be helpful if the archive also contains
>> SHA512 checksum files for each Unicode version to verify the integrity of
>> databases that have already been downloaded (over HTTP), e.g.:
>>
>> https://www.unicode.org/Public/6.3.0/SHA512SUMS
>>
>> Mozilla already offers such checksums, although unfortunately not over
>> HTTPS, but they can serve as an example.
>>
>> http://releases.mozilla.org/pub/mozilla.org/firefox/releases
>> /27.0/SHA512SUMS
>>
>> I think this would improve the security of many libraries that directly
>> and indirectly depend on Unicode.
>>
>> Kind regards,
>> Robbert Broersma
>> _______________________________________________
>> Unicode mailing list
>> Unicode at unicode.org
>> http://unicode.org/mailman/listinfo/unicode
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unicode.org/pipermail/unicode/attachments/20171004/8656ab50/attachment.html>
More information about the Unicode
mailing list