Re: HTTPS

From: Philippe Verdy via Unicode <unicode_at_unicode.org>
Date: Wed, 4 Oct 2017 22:55:20 +0200

continuousbuilds may just check the statue of the short shasums files to
know when one has changed, this would not use lot of bandwidth. Anyway if
your website supports HTTP mime requests for conditional downloads , or if
clients are using HEAD ratrher than GET requests to get metadata, this
saves a lot, without having to download again the same copy of large files.

2017-10-04 22:43 GMT+02:00 Steven R. Loomis via Unicode <unicode_at_unicode.org
>:

> Also just a public note. please do NOT fetch from unicode.org/Public as
> part of continuous builds (Jenkins, travis, etc). That's too much load for
> files that change *yearly*. Fetch one copy of the data and use your own
> copy until it is time to update.
>
> Yes, shasums and signatures are great. ICU (now part of Unicode) has been
> doing this for years. I just signed up this morning to provide such for
> CLDR data. So let's see about UCD data also.
>
> -s
>
>
> On Wed, Oct 4, 2017 at 2:14 AM, Mathias Bynens via Unicode <
> unicode_at_unicode.org> wrote:
>
>> unicode.org and www.unicode.org are now available over HTTPS. E.g.
>> https://unicode.org/Public/10.0.0/
>>
>> On Thu, Mar 6, 2014 at 3:54 PM, Robbert <mail_at_robbertbroersma.nl> wrote:
>>
>>> Hi,
>>>
>>> For tools that rely on the Unicode database it would be great if the
>>> databases were available over HTTPS as well:
>>> https://www.unicode.org/Public/6.3.0/
>>>
>>> In addition to this it would be helpful if the archive also contains
>>> SHA512 checksum files for each Unicode version to verify the integrity of
>>> databases that have already been downloaded (over HTTP), e.g.:
>>>
>>> https://www.unicode.org/Public/6.3.0/SHA512SUMS
>>>
>>> Mozilla already offers such checksums, although unfortunately not over
>>> HTTPS, but they can serve as an example.
>>>
>>> http://releases.mozilla.org/pub/mozilla.org/firefox/releases
>>> /27.0/SHA512SUMS
>>>
>>> I think this would improve the security of many libraries that directly
>>> and indirectly depend on Unicode.
>>>
>>> Kind regards,
>>> Robbert Broersma
>>> _______________________________________________
>>> Unicode mailing list
>>> Unicode_at_unicode.org
>>> http://unicode.org/mailman/listinfo/unicode
>>>
>>
>>
>
Received on Wed Oct 04 2017 - 15:56:03 CDT

This archive was generated by hypermail 2.2.0 : Wed Oct 04 2017 - 15:56:04 CDT