Or just validate the binary you download then none of this even matters—for this or any other sort of potential vulnerability, your updater will never end up running untrusted software with escalated privileges.
nucleardog|1 year ago
HTTPS is providing confidentiality, and authentication.
The confidentiality doesn’t really matter here. You’re distributing a software installer. There’s a good chance you’ll give a copy to anyone that visits your website and wants to use your software. And you’re not hiding what you’re downloading in any meaningful way.
The authentication is important. That prevents someone from, say, sending the user a completely different binary and having your software run it.
The authentication could just as easily be solved by signing the files you distribute and validating the signature of the downloaded update before running it.
(Hell, if you’re signing your installers (likely) it could be as simple as deferring to Windows’ WinVerifyTrust method and a check that the certificate used is actually your own.)
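As an added example (not nucleardog's code), the check that comment describes: the updater pins the publisher's public key and refuses to run any download whose signature does not verify, which gives the authentication property whether the transport was HTTP or HTTPS. It uses Ed25519 from Go's standard library in place of WinVerifyTrust; the key pair and installer bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when the download does not verify under the pinned key.
var ErrBadSignature = errors.New("update signature invalid: refusing to run")

// VerifyUpdate checks that sig is a valid signature of installer under pubKey.
// pubKey is pinned in the updater at build time; a swapped binary or a
// signature from any other key is rejected before anything is executed.
func VerifyUpdate(pubKey ed25519.PublicKey, installer, sig []byte) error {
	if len(pubKey) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(pubKey, installer, sig) {
		return ErrBadSignature
	}
	return nil
}

// SignRelease is the publisher-side step: it runs on the release machine,
// and the private key never ships with the updater.
func SignRelease(priv ed25519.PrivateKey, installer []byte) []byte {
	return ed25519.Sign(priv, installer)
}

func main() {
	// Constructed demo: a throwaway key pair and a fake installer payload.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	installer := []byte("constructed installer bytes v1.2.3")
	sig := SignRelease(priv, installer)

	fmt.Println("genuine:", VerifyUpdate(pub, installer, sig)) // <nil>

	// A modified download (the threat plain HTTP leaves open) fails verification.
	tampered := append([]byte{}, installer...)
	tampered[0] ^= 0xff
	fmt.Println("tampered:", VerifyUpdate(pub, tampered, sig)) // refusing to run
}
```

The same structure applies with Authenticode: verify the signature chain, then pin the signer to your own certificate rather than accepting any trusted publisher.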
Debian still distributes packages primarily over HTTP (https://www.debian.org/mirror/list) without issue.