I just noticed the appdmg and pkgdmg package providers (used on osx) download packages using the curl flag "-k" aka "--insecure" which disables certificate checking.
Is there any reason for this? At the very least there should be a way to turn insecure mode off. Really it should never be enabled by default. This introduces a pretty big security vulnerability to workstations set up with Boxen, as remote dmg downloads are encouraged. Jack -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9d392d5d-8a0c-4180-81db-500f8fa0a6c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
