it is just a link to documentation

that could easily be trojan-horsed with links to malware if you are viewing it in a poorly secured setting (like public wifi), because you can't verify the origin. so the best we can say about the author is that we are getting inconsistent signals on how seriously they understand and implement security concerns. so better review that code carefully before use, rather than assuming their expertise from release notes.

If you're downloading binaries from a plaintext documentation site, I think that's on you.

TLS certs are freeeeee

Judging from this very release, where he implemented support for page-level checksums and encryption for LMBD, I assume the author knows a thing or two about encryption. He probably then deemed it unnecessary for this specific website.

Cryptography engineers are not excluded from being lazy sysadmins.

What do you mean "lazy"? I thought you said TLS certs were free. Do you mean they cost something after all? Time, for example?

Anyway, of course in case you feel the website is a risk, you should refrain from using it. Safety comes first.

Indeed, there's no need to use the doc website. There's nothing there that isn't embedded in the LMDB source code. All of the docs are generated from doxygen comments in the source.

[deleted]