Enforce the uses of HTTPS for all websites of VLC/videolan.org to prevent MITM exploits
VLC website does not use HTTPS by default, enforcing it. VLC website for download redirection does not use HTTPS by default, enforcing it. VLC download mirrors does not use HTTPS by default, enforcing it.
VLC is the most used video player opensource but it's website is by default in clear-text, exposing to any kind of of digital attacks that manipulate traffic between end-users and VLC website in order to inject computer malware bundled with the software package.
VLC trust and diffusion has been also being exploited by CIA: https://www.reddit.com/r/The_Donald/comments/5y0nh8/cia_using_vlc_media_player_to_hack_into_computers/
That's a serious security issue for end-users and reputation for VideoLan Project that should take action by securing all it's website and download procedures in order to guarantee end-users that the software that delivered from the VLC website is exactly what's being installed on the end-user computer.
This ticket is to:
-
Enable HTTPS by default on all Videolan hosted resources (such as videolan.org, get.videolan.org, etc) so that it achieve a rating of A+ on https://www.ssllabs.com testing
-
Make all of the Videolan mirror to serve the VLC client over HTTPS (that may need another ticket to be tracked, requiring other organization to update)