that does sound worrying. I doubt the admin wants to know what I'm downloading but rather get (temporarily) rid of a problem. Does that compromise the security of the hpc system or does it mean someone could hack my github account?
On 1 August 2014 08:02, <gael.mc...@gmail.com> wrote: > Sounds like a bad idea. If the SSL cert is not correct in your > configuration (whereas it is in the outside world) it becomes clear that > your admin just want to know what you are downloading. > > Basically, he told you "Please let us perform MITM attack on your > connexion. To make our job easier, please desactivate all the SSL checks so > that our cert (and maybe others) are accepted". > > The extra downside is that now anyone can alter the data you are > downloading and you won't have the slightest idea this is happening (if > that happens). >
