curl-users
Re: Which version of certdata.txt is preferred for mk-ca-bundle, and why?
Date: Sat, 28 Dec 2013 23:27:11 +0100 (CET)
On Wed, 18 Dec 2013, Leif W wrote:
Okay, back to this topic again. Sorry for my absence.
> Wondering about an idea: If we know what certificate is used for https on a
> release repository, and we know what certificate authority will be used to
> check that cert, maybe we could include just that CA in the mk-ca-bundle (in
> a HERE document assignment to a variable). Maybe still too much
> maintenance, but trying to think of a hybrid idea. That could satisfy as
> much as possible while minimizing administrative burden of maintainability.
Yes, that would be a way to solve the chicken-egg problem. I would however
prefer to not mix that solution into this main concern about which file to use
as the default one...
>> and possibly we should also make it output some general warnings in the
>> spirit you
>
> "Warning: Use of this script will make a security engineer grind his teeth
> and swear at you." ;)
>
> Maybe always print out:
>
> "Use of this script may pose some risk, -d risk for more details." And then
> describe more there?
Right, that's exactly what I meant!
--
 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-12-28