Description: When downloading LibreOffice from the website [1] in UK, the download is fine. But when downloading in South Africa, the download link is insecure, which causes problems: • Chrome refuses to download • Edge permits the download after a warning • It's necessary to check the SHA256 in case the download is compromised This has been the case for a while, not just recently. [1] https://www.libreoffice.org/download/download/ Steps to Reproduce: 1. Go to libreoffice.org > Download in South Africa 2. Download LibreOffice (I used Windows 64-bit, stable version) Actual Results: The displayed link when hovering over the Download button is secure [2] screenshot 1), but the resolved link to download is insecure [3] (screenshot 2). [2] https://www.libreoffice.org/donate/dl/win-x86_64/7.1.8/en-GB/LibreOffice_7.1.8_Win_x64.msi [3] http://tdf.saix.net/libreoffice/stable/7.1.8/win/x86_64/LibreOffice_7.1.8_Win_x64.msi Expected Results: The resolved link should be secure via https. Reproducible: Always User Profile Reset: No Additional Info: Screenshot 1 shows the initial Download link. Screenshot 2 shows the resolved link as actually downloaded from Edge.
Created attachment 176835 [details] Screenshot showing Initial download link Screenshot showing the initial download link (at the bottom of the screen)
Created attachment 176836 [details] Screenshot showing resolved insecure link Screenshot showing the resolved insecure link
Ifyou need Https,you can manually change the mirror. I'll mark NotOurBug because this is not Bugzilla issue. Only could be Redmine, but I wouldn't say even that, some mirrors are http. https://download.documentfoundation.org/libreoffice/stable/7.2.4/win/x86/LibreOffice_7.2.4_Win_x86.msi.mirrorlist
(In reply to Timur from comment #3) > Ifyou need Https,you can manually change the mirror. > I'll mark NotOurBug because this is not Bugzilla issue. > Only could be Redmine, but I wouldn't say even that, some mirrors are http. > > https://download.documentfoundation.org/libreoffice/stable/7.2.4/win/x86/ > LibreOffice_7.2.4_Win_x86.msi.mirrorlist @Timur — Thank you for your reply, and for the link to the mirror list. Very few people are sufficiently technically astute to understand how to do this. It took me a while to figure out what was going on. It is also a little worrying that the mirror in my report, saix.net, isn't even listed in the mirror list. This reflects poorly on LibreOffice, because this is supposed to be a LibreOffice-approved list, and in today's world, nothing should be http for obvious reasons. If this isn't directly a LibreOffice issue, whom should I report this to?