[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24466: `guix download` accepts expired TLS certificates
From: |
Leo Famulari |
Subject: |
bug#24466: `guix download` accepts expired TLS certificates |
Date: |
Sun, 18 Sep 2016 21:14:54 -0400 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
While testing Nicolas's patch "Update giac-xcas", I found that `guix
download` accepts expired TLS certificates.
I tried visiting the upstream site in order to verify the hash of the
updated package, and my browsers (Firefox and Chromium) warned me that
the site's certificate had expired ~1 day ago.
However, `guix build -S` did not warn me or prevent me from downloading
the source code.
Perhaps it doesn't matter for the case of `guix build -S`, since we
already know what we expect to download. But, for `guix download`, this
is a bug.
[0]
http://lists.gnu.org/archive/html/guix-devel/2016-09/msg01460.html
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#24466: `guix download` accepts expired TLS certificates,
Leo Famulari <=