I just noticed the appdmg and pkgdmg package providers (used on osx) download packages using the curl flag "-k" aka "--insecure" which disables certificate checking.
Is there any reason for this? At the very least there should be a way to turn insecure mode off. Really it should never be enabled by default. This introduces a pretty big security vulnerability to workstations set up with Boxen, as remote dmg downloads are encouraged. Jack -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9d392d5d-8a0c-4180-81db-500f8fa0a6c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
