<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi Austin,<br>
      <br>
      On 30.11.2017 19:56, Austin English wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:20171130185719.15232-4-austinenglish@gmail.com">
      <pre wrap="">diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c
index 5ec49cfe6a..0bbc90f3eb 100644
--- a/dlls/appwiz.cpl/addons.c
+++ b/dlls/appwiz.cpl/addons.c
@@ -86,7 +86,7 @@ static const addon_info_t addons_info[] = {
         "wine_gecko-" GECKO_VERSION "-" ARCH_STRING ".msi",
         "gecko",
         GECKO_SHA,
-        <a class="moz-txt-link-rfc2396E" href="http://source.winehq.org/winegecko.php" moz-do-not-send="true">"http://source.winehq.org/winegecko.php"</a>,
+        <a class="moz-txt-link-rfc2396E" href="https://source.winehq.org/winegecko.php" moz-do-not-send="true">"https://source.winehq.org/winegecko.php"</a>,
         "MSHTML", "GeckoUrl", "GeckoCabDir",
         MAKEINTRESOURCEW(ID_DWL_GECKO_DIALOG)
     },
@@ -95,7 +95,7 @@ static const addon_info_t addons_info[] = {
         "wine-mono-" MONO_VERSION ".msi",
         "mono",
         MONO_SHA,
-        <a class="moz-txt-link-rfc2396E" href="http://source.winehq.org/winemono.php" moz-do-not-send="true">"http://source.winehq.org/winemono.php"</a>,
+        <a class="moz-txt-link-rfc2396E" href="https://source.winehq.org/winemono.php" moz-do-not-send="true">"https://source.winehq.org/winemono.php"</a>,</pre>
    </blockquote>
    <p><br>
    </p>
    <p>While I'm not really opposed, I think this deserves more
      attention. Note that this change means that we will download Gecko
      and Mono using https instead of http. While it's usually fine,
      it's an extra complexity and involves additional dependences to
      achieve the task. For example, it means that if you don't have a
      working GnuTLS and WineGecko cached, Wine won't be able to setup
      your prefix correctly.</p>
    <p><br>
    </p>
    <p>Also note that we check checksums of downloaded files, so
      installing those packages is safe as far as attacks by modifying
      content is considered. All we gain from https in this case is a
      bit of privacy improvement.</p>
    <p><br>
    </p>
    <p>That said, I'm not sure we want that change unless we have a good
      reason.</p>
    <p><br>
    </p>
    <p>Thanks,</p>
    <p>Jacek<br>
    </p>
  </body>
</html>