Bug 1512 - SSL for checksums
Status: RESOLVED FIXED
Alias: None
Product: Websites
Classification: Unclassified
Component: www.mageia.org
Version: trunk
Hardware: All Linux
Priority: Low enhancement
Target Milestone: ---
Assignee: Atelier Team
URL: http://www.mageia.org/de/downloads/dl...
Reported: 2011-06-01 22:34 CEST by Fabian Wannenmacher
Modified: 2020-05-23 21:37 CEST

Description Fabian Wannenmacher 2011-06-01 22:34:57 CEST
Description of problem:
If you provide the sites with checksums over SSL, it would be much easier to verify the downloaded file.
Fabian Wannenmacher 2011-06-01 22:36:25 CEST

Priority: Normal => Low
Severity: normal => enhancement

Comment 1 Thomas Backlund 2011-06-01 23:12:15 CEST
You can verify that the files are correct with the gpg keys,

CC: (none) => tmb

Comment 2 Michael Scherer 2011-06-01 23:16:07 CEST
There is https on www.mageia.org but it seems to not work. I will look at it, as this is on zarb side.

CC: (none) => misc

Comment 3 Michael Scherer 2011-06-01 23:29:58 CEST
Mhh since the website is on zarb, we cannot place our wildcard cert there. So this will have to wait until we move to our servers.
Comment 4 Marja Van Waes 2011-10-17 07:45:04 CEST
(In reply to comment #3)
> Mhh since the website is on zarb, we cannot place our wildcard cert there. So
> this will have to wait until we move to our servers.

I understand moving is still in progress

CC: (none) => marja11

Comment 5 Romain d'Alverny 2012-05-24 23:28:34 CEST
https://www.mageia.org/ is available, but not used as default. Checksums are indeed directly provided, but I don't see an easy case to make the visitor switch to https here.

CC: (none) => rdalverny

Comment 6 Jeff Robins 2012-05-24 23:53:28 CEST
This is really easy with PHP. I have example code somewhere, but there should be plenty of code on the net.

I'm not sure if there is a simple way to do it with Apache unless you use a scripting language.

CC: (none) => jeffrobinsSAE

Comment 7 Romain d'Alverny 2012-05-25 09:40:56 CEST
I know that. :-p What I mean is that the user flow is the following:

a) lands on home, goes to downloads page
b) lands on downloads page, clicks to get a specific ISO/file
c) lands on the download page redirector which shows various info about download, including the checksums, then redirects in JS to the very file to download.

We can't force/control whether the user is using https in a) and b). We could force the link to https for c) but is it worth the load? (why not, there's plenty of things to improve the website perf anyway).
Comment 8 Jeff Robins 2012-06-05 09:06:32 CEST
I don't know that the increase in load will be that great; most websites that I have heard of switching to https exclusively (Google, Facebook, Twitter, etc.) reported only about a 1% to 2% increase in server load.

TBH, I would be much happier if the entire website was in https, but that's just on principle.
Marja Van Waes 2013-09-22 21:12:47 CEST

CC: marja11, misc => (none)

Comment 9 Filip Komar 2020-05-23 21:37:22 CEST
Already fixed in the past.

Resolution: (none) => FIXED
Status: NEW => RESOLVED
CC: (none) => filip.komar

