The VideoLAN Forums

Hi,

The Forum and Wiki are HTTPS, but the website and especially the download page are not.

http://get.videolan.org/vlc/2.2.4/win32 ... -win32.exe

I really don't like to download executables over HTTP because I don't know which man-in-the-middle has given it to me. Popular programs like VLC are an excellent target for these kind of attacks.

Is there someone here who is able to give an estimate on how difficult it is to change this and tell me who needs to be convinced it is a good idea?

Just use https://get.videolan.org/vlc/2.2.4/win3 ... -win32.exe

Yes, that works. Then I suggest to update VLC to use HTTPS and then remove the HTTP download. What forum should I use to place these suggestions? Is VLC media player Feature Requests the correct one?

I suggest to update VLC to use HTTPS and then remove the HTTP download. What forum should I use to place these suggestions? Is VLC media player Feature Requests the correct one?

For this particular point about the website you are already using the correct forum.

Yes, that works. Then I suggest to update VLC to use HTTPS and then remove the HTTP download. What forum should I use to place these suggestions? Is VLC media player Feature Requests the correct one?

This will not happen. We have 100+ mirrors that we don't control, and they can't have HTTPS, and notably not with our HTTPS certificate.