duerst / it.aoyama.ac.jp wrote:
> Just an intermediate report: HTTPS has been available for only
> about a week, and the Unicode Consortium wants to check things
> a bit more before the availability is officially confirmed and
> announced. I'll wait until that time.

Regardless of HTTPS or not, can we keep known-good
SHA-256/384/512/whatever signature(s) of the to-be-downloaded
files in our repository and validate the downloaded result?

IIRC, MiTM HTTPS proxies exist, and the CA system is still
vulnerable.
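
The check proposed in this message, sketched as an added example (not code from the thread or from Ruby's build scripts): digests pinned in the repository are compared against the downloaded file, independent of the transport. The manifest format, the function names and the file name `ExampleData.txt` are assumptions made for illustration.

```ruby
require "digest"
require "digest/sha2"
require "tmpdir"

# Assumed manifest format: "<algorithm> <hex digest> <file name>" per line,
# committed to the repository next to the download script.
ALGORITHMS = {
  "sha256" => Digest::SHA256,
  "sha384" => Digest::SHA384,
  "sha512" => Digest::SHA512,
}.freeze

def parse_manifest(text)
  text.each_line.with_object({}) do |line, pins|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    algorithm, hex, name = line.split(/\s+/, 3)
    raise ArgumentError, "malformed entry: #{line}" if name.nil?
    raise ArgumentError, "unsupported algorithm: #{algorithm}" unless ALGORITHMS.key?(algorithm)
    raise ArgumentError, "duplicate entry: #{name}" if pins.key?(name)
    pins[name] = [algorithm, hex.downcase]
  end
end

# True only when the file is listed and its digest matches the pin.
# A file missing from the manifest is rejected rather than trusted.
def verify_download(path, pins)
  algorithm, expected = pins[File.basename(path)]
  return false if algorithm.nil?
  ALGORITHMS.fetch(algorithm).file(path).hexdigest == expected
end

# Constructed sample data: pin a file, then alter it as a proxy might.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "ExampleData.txt")
    File.write(path, "0041;LATIN CAPITAL LETTER A\n")
    pins = parse_manifest("sha256 #{Digest::SHA256.file(path).hexdigest} ExampleData.txt\n")
    intact = verify_download(path, pins)
    File.write(path, "0041;LATIN CAPITAL LETTER B\n")
    altered = verify_download(path, pins)
    unlisted = verify_download(File.join(dir, "Other.txt"), pins)
    [intact, altered, unlisted]
  end
end
```

The pins are only as trustworthy as the channel through which they were first obtained and committed, so the initial digests should be recorded from a copy that was checked independently.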
