The author of the excellent build system Fastlane noticed that Flint’s site was not redirecting http to https. I didn’t realise that this was a security issue - it’s not a problem if you are using Carthage to install the code, however if you follow links from a non-HTTPS website to download code this can open you to attacks that alter the code as you fetch it. So rather than leave this hole open we just switched on http to https redirects — something that was just a case of ticking a box in the excellent CloudCannon UI.
You should look at all your app dependencies and how they are fetched to make sure your apps are not at risk of an attack like this. See Felix’s excellent detailed post “Trusting SDKs”.
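One way to start that review for a Carthage project, as an added example that is not from the original post or from the Flint project: a small Python check that lists Cartfile entries fetched over a cleartext scheme. The sample Cartfile and its example.com URLs are constructed, and the check assumes that `github "owner/repo"` shorthand entries are fetched from GitHub over HTTPS.

```python
import re
from urllib.parse import urlparse

# Schemes that fetch code without transport encryption or server authentication.
CLEARTEXT_SCHEMES = {"http", "git", "ftp"}

# Cartfile entry: <origin type> "<source>" [version requirement]
# Comment lines start with '#', so they never match this anchored pattern.
ENTRY = re.compile(r'^\s*(github|git|binary)\s+"([^"]+)"')

# Constructed sample input, not taken from any real project.
SAMPLE_CARTFILE = """\
# Dependencies (constructed sample)
github "ReactiveCocoa/ReactiveCocoa" >= 2.3.1
git "http://git.example.com/libs/Parser.git" ~> 1.0
binary "https://cdn.example.com/SDK.json" ~> 2.3
binary "http://cdn.example.com/Analytics.json"
git "git://git.example.com/libs/Legacy.git" "main"   # trailing comment
github "https://ghe.example.com/team/Tools"
"""


def find_cleartext_origins(cartfile_text):
    """Return (line_number, origin_type, source) for entries fetched in cleartext."""
    findings = []
    for number, line in enumerate(cartfile_text.splitlines(), start=1):
        match = ENTRY.match(line)
        if not match:
            continue  # blank line, comment, or something this check does not cover
        origin_type, source = match.groups()
        # Shorthand ("owner/repo"), local paths and scp-style git@host:path
        # sources have no URL scheme and are not flagged here.
        scheme = urlparse(source).scheme.lower()
        if scheme in CLEARTEXT_SCHEMES:
            findings.append((number, origin_type, source))
    return findings


if __name__ == "__main__":
    for number, origin_type, source in find_cleartext_origins(SAMPLE_CARTFILE):
        print(f"Cartfile:{number}: {origin_type} origin fetched in cleartext: {source}")
```

A clean result only covers the Cartfile itself; SDKs downloaded by hand from a website still need the same check on the download link and the page that serves it.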