I’ve noticed:
- ST3 checks for updates over HTTPS
- ST3 downloads updates over HTTP
Questions:
- Why does ST3 download updates over HTTP if it already checks for them over HTTPS?
- Does ST3 use a pinned certificate when verifying the updated binary? If so, where is this certificate located within the app bundle? If not, why on earth not and when will this be fixed?