[email protected] wrote:
On Wed, Jun 10, 2009 at 05:36:50PM -0700, Dan Price wrote:
Utilities like curl, wget, etc. tend to support a --insecure option,
which basically says, yeah, I know that I can't validate that a server
is what it claims to be, but go ahead anyway.
Do you anticipate having such an option exposed? Would you envision
that being command line? Or stored per-repository?
I'd prefer not to have that option exposed. Right now, I have a
workaround in place that disables CA verification if the directory that
contains the CA certs isn't present. If we'd like to continue to have
this behavior, it should probably be an image property or a
per-repository config option.
I'm not certain that I'm comfortable with a behaviour that automatically
stops verifying the identity of a server because a directory isn't
present. It seems like whether we verify that identity of servers
should either be an image property, or per-repository property.
Cheers,
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
