Should package updates be downloaded over a secure transport (e.g. HTTPS) or not? The most likely transport-level failure is that the download will fail, e.g. middlebox blocked it, bad TLS config. Thus, I recommend trying both and not relying on transport later security at all.
Last I heard, yes, Omaha still falls back to HTTP. Chromium has a high degree of confidence in their integrity assurance mechanisms, including protection from fallback attacks, etc. Most other updaters I've seen have flaws.
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.