On Mon, Oct 23, 2017 at 3:28 PM, Emmanuel Charpentier <emanuel.charpent...@gmail.com> wrote: >> It should be possible to disable the requirement at >> configure time and fallback to a different default. It's a shame we >> require a patch for this for now but I can help push for an upstream >> fix to this if need be, because I think it's fairly silly. > > > Could you explain why ? I think that the move towards authentication of the > download sources is a Good Idea (TM), but I may be wrong. In any case, the > "silliness" of this is nor obvious to my dentist's eyes...
Perhaps this should clarify: If the CRAN service is switched to using HTTPS, then it can't be accessed without HTTPS. If the user tries to access the site with software that doesn't have HTTPS support then they are prevented from performing insecure downloads, QED. In other words, the security here is being provided by the service. The client is free to decide whether or not they wish to implement their end in order to be able to access the service. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
