This repository has been archived by the owner on Apr 2, 2018. It is now read-only.
How I insecurely installed ruby and why and things:
At the following URL: ruby-lang.org/en/documentation/installation/#rubyinstaller there is a link to the ruby installer website. Note: unlike the link I have made for this issue, the ruby-lang.org website has the following link which is an "insecure" version of the ruby installer website because it's not being served with https. This http version also seems to be the version I am directed to from the Google index of "downloads" from what I can tell:
The following is a screenshot of what I'm talking about:
When you click on this link, you're taken to an insecure version of the ruby installer website. Note the lack of the green lock:
So, if I were to want to install ruby ( which I did ), I would be doing so via an insecure connection opening myself up to attacks. Moreover, the actual ruby installer website is serving their default download links with http as well ( from what I can tell ):
I've yet to do any testing to see how vulnerable this current setup is. But, knowing what I know about what should and shouldn't be served over https -- well, I just think these situations warrant it.
When I update or install packages with brew -- that seems to be done over https. I can configure apt to use https. Python's download page seems to have all of its download links with https.
Perhaps I could just add a little s to the link from the downloads page to make it https?
http://dl.bintray.com/oneclick/rubyinstaller/rubyinstaller-2.3.1.exe
I haven't tried. Just tried.
https://dl.bintray.com/oneclick/rubyinstaller/rubyinstaller-2.3.1.exe
Seems to have worked just the same.
I think it should be the default link to install if the option is there for an extra layer of security by default.
lol totally opened this up in the wrong repo first.
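An added example, not part of the original issue or of any project's code: a small Ruby audit that finds plain-http links in a page, marks the ones that point at installers, and proposes the https URL to test. The function name, the extension list and the sample HTML (apart from the bintray URL quoted in the issue) are assumptions made for illustration.

```ruby
require "uri"

# Extensions treated as installers or archives (assumed list for this example).
INSTALLER_EXT = %w[.exe .msi .dmg .pkg .zip .7z .gz].freeze

# Constructed sample page; only the bintray URL comes from the issue above.
SAMPLE_HTML = <<~HTML
  <a href="/en/documentation/">Docs</a>
  <a href="http://installer.example/">Installer site</a>
  <a href="https://downloads.example/tool-1.0.exe">Already secure</a>
  <a href='http://dl.bintray.com/oneclick/rubyinstaller/rubyinstaller-2.3.1.exe'>Ruby 2.3.1</a>
HTML

# Returns one finding per plain-http link: the original href, the https
# URL to try in its place, and whether the target looks like an installer.
def audit_links(html)
  hrefs = html.scan(/href\s*=\s*["']([^"']+)["']/i).flatten
  hrefs.map do |href|
    uri = begin
      URI.parse(href)
    rescue URI::InvalidURIError
      nil # skip hrefs that are not parseable URLs
    end
    # Relative links, mailto:, and https links are not findings.
    next unless uri && uri.scheme.to_s.downcase == "http" && uri.host

    # Rebuild on the https scheme with its default port, so an explicit
    # ":80" in the original link is not carried over.
    candidate = URI::HTTPS.build(host: uri.host, path: uri.path,
                                 query: uri.query, fragment: uri.fragment)
    {
      href: href,
      https_candidate: candidate.to_s,
      installer: INSTALLER_EXT.include?(File.extname(uri.path).downcase)
    }
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  audit_links(SAMPLE_HTML).each do |f|
    kind = f[:installer] ? "INSTALLER" : "page"
    puts "#{kind}: #{f[:href]} -> try #{f[:https_candidate]}"
  end
end
```

A candidate is only a URL to try: the host still has to serve the same file over https, as was checked by hand for the bintray link above.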