(02-26-2018, 12:30 PM)Helios Wrote: [ -> ]Anyways, most of our users don't care about http downloads of 7zip. You're actually the first complaint. Combine that with the significant bandwidth savings, you're not making a convincing argument.
Also, if you click through 7zip's site a bit, you can get to their sourceforge (lol SF) where they host the code and https downloads of the 7zip installer for Windows.
Ok, bandwidth takes priority over security in this case. I understand.
Note, by the way, that SourceForge's reputation went down the toilet in 2015 when they were caught packaging adware with their hosted projects' downloads. So yeah, not a fantastic option either.
The point is this whole "issue" you're referring isn't ours. Chromium-derived browsers will of course start blocking downloads from HTTP sources, that's not an "if", that's a "when", after all the current versions already are chatty enough when you're in a HTTP-only website and Google will also push the boundary even further in June, when Chrome 68 hits stable channel (Mozilla and the others will do the same although I'm not aware if they already have set deadlines like Google). I'm pretty sure when this becomes mandatory 7-Zip and others would already have enabled HTTPS on their servers.
You're also acting as if the web browser were the only security barrier a PC would have, which is also not true. Since Windows 8 the OS has a built-in antivirus and even through it's basic it would certainly detect malware-injected executables, blocking them even before the download finishes. Even if you're in ancient Windows versions they would keep bugging you since the first boot to install a 3rd-party antivirus, which would also detect this kind of attack. This is also a non-existent issue on macOS and in a huge majority of Linux distros because they all ship with built-in applications that's capable of reading 7z format, so no download from HTTP-only website involved other than the Dolphin build, which comes in their platform-specific format instead of 7z and that's served through our HTTPS-enabled site anyways, so not really an issue on those OSes.
TL;DR it's not our fault that 7-Zip and others still have HTTP-only websites and there's nothing we can do. In the meantime your options are turning the paranoia mode off and downloading 7-Zip executable from it's HTTP-only website or just dealing with the couple of dubious shareware/ad-filled apps that can handle 7z (or at least claims to) and that you seem to judge more secure just because they're served through HTTPS (hint: the former option is way safer even considering the security implications)...
What you've done here: complained to an open-source project about how they deliver their downloads.
What you should have done: complained to an open-source project about how they deliver their downloads.
Which open-source project you complained to: Dolphin Emulator.
Which open-source project you should have complained to: 7zip.