[eschwartz]

Quote:

Originally Posted by BetterRed

See what you make of this ==>> ssl - Why aren't application downloads routinely done over HTTPS?

See attachment for file sizes - only msi 64-bit was same size

BR

Yep, generally a bad idea because it cannot be cached for better performance. We have the opposite problem here.

The other real issue is extra resources required for encrypting, which are a horrible drain on basic file servers. But on a site like GitHub which does a lot of intense stuff, this is less of an issue.

Same reason why Google upgraded their entire infrastructure to support SSL. They can handle it easily, and now go around proselytizing it.

Now, I don't think software should always be served https. That is what digitally signing the exe is for, and linux repos use, I think signed checksums. However, it doesn't hurt to have the option. If the calibre site used ssl, most people would never know because it wouldn't be forced. And people with problems could be directed as needed. Alternatively, GitHub is a nice out-of-the-way place with free bandwidth to serve the fringe cases in the same manner.

Options are always good. And this one seems pretty feasible.