-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make wget upgrade-self use no-check-certificate #60
base: master
Are you sure you want to change the base?
Conversation
Why does your system need no-check-certificate? |
I'll look into it tomorrow morning when I get to that work location.
At my main work location, wget calls within cygwin always give an error
about not being able to verify certificates and at the location I'm at now,
everything works fine with a default installation.
And AFAIK, the networks here are set up the same (I believe the same IT
folks set up both schools but I'm not sure).
…On Mon, Dec 9, 2019 at 4:21 PM kou1okada ***@***.***> wrote:
Why do your system need no-check-certificate?
Almost system does not need it.
You must not decrease the whole security level by resolving a special
case, I think.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#60?email_source=notifications&email_token=AC5TL7I6BIPC44JFHBHDS3TQXXWWDA5CNFSM4JYC6Q72YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGIDMRY#issuecomment-563099207>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC5TL7MBVIGM4XWTYVGNEN3QXXWWDANCNFSM4JYC6Q7Q>
.
|
Does your environment install
So, if you install I think following suggestions will help people who have similar situations for you.
But, ignoring the certification for whole environment is a bad idea. |
ca-certificates is installed. But I receive:
ERROR: The certificate of ‘raw.githubusercontent.com’ is not trusted.
ERROR: The certificate of ‘raw.githubusercontent.com’ hasn't got a known
issuer.
…On Tue, Dec 10, 2019 at 12:07 PM kou1okada ***@***.***> wrote:
Does your environment install ca-certificates package correctly?
It provides CA certifications and it is also required from wget.
$ apt-cyg rdepends ca-certificates | grep ^wget
wget 1 3 3
$ apt-cyg depends wget | grep ^ca-certificates
ca-certificates 1 3 3
So, if you install wget, it will be installed automatically.
If it is not installed correctly, apt-cyg dist-upgrade may solve the
problem.
I think following suggestions will help people who have similar situations
for you.
- Catch a failing wget and abort task.
- Provide an option to use --no-check-certificate.
But, ignoring the certification for whole environment is a bad idea.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#60?email_source=notifications&email_token=AC5TL7PZAC43JXLKFRUJ7EDQX4BVLA5CNFSM4JYC6Q72YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGMMINA#issuecomment-563659828>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC5TL7LQ5AWR5IJUF7KXCFDQX4BVLANCNFSM4JYC6Q7Q>
.
|
Shouldn't you doubt the security risks with MITM (man in the middle ) attack?
and
|
In a system that needs no-check-certificate, calling wget without it creates a copy of the file that's empty/useless.
So, this makes the default fallback not check certificates.