HTTPS

[ESIC-DA]

Since https://graphstream.github.io automatically redirects to http://graphstream-project.org/ when one navigates to the /download/ page the SHA256 sums are useless, since they are now served over http (and are therefore intercept-able).

Perhaps you could redirect users coming to the graphstream-project.org domain to the https://graphstream.github.io natively hosted since then https can be enforced

Or you could link to shasums hosted on a https server rather than posting them directly inline on the website.

Additionally, please provide download links that are https rather than http for the binaries themselves if at all possible.

Thanks!
-Dave

[gsavin]

Thanks Dave.

HTTPS with custom domain on GitHub Pages is still some trouble... We are working on fixing this, maybe with your solution.

[ESIC-DA]

Also, If you add binaries to the tagged releases on github (I'm not sure if you can edit existing releases to add the binaries, or if you have to have the binaries ready and then create the release via the github website), that makes it easy to have a verified place to download the jars over https from.

Thanks,
-Dave