Re: Cert validation in pkg_add

To: tech-pkg%netbsd.org@localhost, Taylor R Campbell <riastradh%netbsd.org@localhost>
Subject: Re: Cert validation in pkg_add
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 17 Dec 2023 23:01:23 +0100

On Saturday, December 9, 2023 5:56:03 AM CET Taylor R Campbell wrote:
> tl;dr: I propose to enable cert validation in pkg_add by default.

The only reason I never committed the patch to enable certificate validation
is the #$%#@$^@ situation on all NetBSD releases. I would even go a step
further and not have an option to disable it or at most an environment
variable for libfetch. That dramatically simplifies the code as well.

It should be noted that a very common setup nowaday is to just redirect
all http traffic to https anyway, so this has a somewhat broader impact than
might be obvious.

Joerg

Follow-Ups:
- Re: Cert validation in pkg_add
  - From: Taylor R Campbell

References:
- Cert validation in pkg_add
  - From: Taylor R Campbell

Prev by Date: Re: pkg options inheritance
Next by Date: Re: Cert validation in pkg_add
Previous by Thread: Re: Cert validation in pkg_add
Next by Thread: Re: Cert validation in pkg_add
Indexes:

Home | Main Index | Thread Index | Old Index