[vbox-dev] Guest Additions are being downloaded over insecure HTTP
Frank Mehnert
frank.mehnert at oracle.com
Thu Aug 21 06:34:53 GMT 2014
George,
On Thursday 21 August 2014 02:02:37 George Kadianakis wrote:
> Klaus Espenlaub said:
> > can you make a clear statement what package you're using? None of the
> > packages from virtualbox.org should ever execute this code path.
>
> Hm, I'm using Debian testing (jessie) with the Debian virtualbox
> package:
> # apt-cache show virtualbox
> Package: virtualbox
> Version: 4.3.14-dfsg-1
>
> While using a VM, I go to the "Devices" menu and then "Insert Guest
> Additions CD image".
>
> Then it tells me that "Could not find Virtualbox Guest Additions disk
> image file. Do you wish to download this disk image from the Internet".
>
> If I click "Download", I get:
>
> "Are you sure you want to download the VirtualBox Guest Additions disk image
> file from
> http://dlc.sun.com.edgesuite.net/virtualbox/4.3.14/VBoxGuestAdditions_4.3.1
> 4.iso (size 65,943,552 bytes)?"
>
> I have no idea what edgesuite.net is, but indeed I couldn't find a
> reference in the vanilla Virtualbox codebase...
>
> Is this Debian code?
dlc.sun.com.edgesuite.net is the service behind download.virtualbox.org.
As Klaus explained, there is work going on to make the stuff from this
service accessible via HTTPS but this will take more time.
The VirtualBox packages made by Oracle include the Guest Additions. They
are only available via HTTP. But the Debian repository at
http://download.virtualbox.org/virtualbox/debian is signed and there are
checksums available for all these packages at
https://www.virtualbox.org/download/hashes/{version}/{SHA256SUMS}
Kind regards,
Frank
--
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Geschäftsführer: Jürgen Kunz
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
More information about the vbox-dev
mailing list