I didn't exactly want to launch a discussion about security in general. I did not even intend to *actually* mean that your sysadmin just wants to look at what you are doing (that thing called irony ...).
Given more time, seeing your message, I would have come back and cleared your worries much in the way Ivar did. Exactly as he said: you are already allowed to download, compile and use some random code grabbed from the internet. Untrusted download of nearly untrusted code isn't exactly a problem.

Actually, my wild guess is that since the Heartbleed bug was found, GitHub changed its certificates and used a new CA (as the CAs themselves had to change them). But your system being frozen (a.k.a. HPC's great curse), its CA database is outdated. So the signature you are getting is legit but you are not checking it against the right, up-to-date, CA public certificate. But disregarding the recent events, it was much more thrilling to assume that the certificates are replaced on the go by an evil admin who just wants to inject slight code modifications into what you downloaded to transform it into a Bitcoin miner.

The ironic tone came because I find it unacceptable, from a sysadmin, to give such crappy, misleading and idiotic advice without at least a tiny piece of explanation about why, in this specific case, as a temporary workaround, this is not all that crappy, misleading and idiotic. (He might be a very nice guy doing a very good job usually, but that's irrelevant.)

I'm jealous! Instead of being paid a misery to do science, I should have become a sysadmin, put up some idiotic firewall to "protect" the internal network and its users, MITM all the HTTPS connections and take advantage of the fools who dared to try paying online from within the firewall. I can imagine it: "No, there's absolutely no problem, you can safely disregard those warnings. If it's really a problem, try to use HTTP whenever you can. Your problem is solved? You're very welcome." Well, I made crappy career choices. Oh, irony, again...

More seriously, that was ironic but not a joke. This is a bad idea even if it can be considered sensible. Ask your sysadmin to update the CA certificate database. If it's not working, he has to help you determine why there is still a problem with SSL.

@Stephan: for download, as you said, there is checksumming to prevent MITM data injection. Finding a collision is already very hard; finding working, malicious code with a collision is nearly impossible. SSL makes it even more impossible. I would add that even if the chain of trust is not complete, the Linux codebase as well as Julia's can be trusted with a high degree of confidence. If absolute confidence should be reached to bother using SSL, then why not pay online using plain HTTP?
