Suggestion: Avoid using https in Pybombs recipes

I just updated to the latest pybombs and recipes and I notice that a lot
of recipes based on https sources fail due to certificate validation
errors. I would like to suggest avoiding https in recipes and using http
instead - unless no alternative exists. This may lower security, but as
the software we are working with is opensource anyway I do not see the
need for encryption. And as certificate validation fails that benefit of
https is not working either.
Just food for thought, Mark

On Tue, Jul 30, 2013 at 11:57:09AM +0100, M Dammer wrote:

This may lower security, but as the software we are working with is
opensource anyway I do not see the need for encryption.

There have been attacks against users of open source software via
automated software update and installation methods.

My two cents: fix certificate validation instead of dropping https.

If you “sudo make install” a compiled binary from a spoofed git
repository, your botnet masters will thank you!


From: discuss-gnuradio-bounces+sean.nowlan=removed_email_address@domain.invalid
[discuss-gnuradio-bounces+sean.nowlan=removed_email_address@domain.invalid] on behalf
of Michael O. [[email protected]]
Sent: Tuesday, July 30, 2013 11:52 AM
To: M Dammer
Cc: [email protected]
Subject: Re: [Discuss-gnuradio] Suggestion: Avoid using https in Pybombs
recipes

On Tue, Jul 30, 2013 at 11:57:09AM +0100, M Dammer wrote:

This may lower security, but as the software we are working with is
opensource anyway I do not see the need for encryption.

There have been attacks against users of open source software via
automated software update and installation methods.

My two cents: fix certificate validation instead of dropping https.



Michael you are right. I checked the svn repos that do not work and it
looks as if they or even the whole cgran.org archive has moved to only
https access anyway. Yes, it would be good if certificate validation
would work in an easy way. I am saying easy, because using SSL etc. from
the command line can be complicated - hence my initial request.
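
Added example, not part of the thread and not PyBOMBS code: a small check in the spirit of the "fix certificate validation instead of dropping https" advice above, flagging recipe lines that fetch over plain http or pass client options that switch TLS certificate verification off. The sample recipe text and its `source:`/`fetch:` keys are constructed for illustration and are not real PyBOMBS recipe syntax.

```python
import re

# Each rule pairs a finding name with the pattern that triggers it.
# The options listed are existing git, wget, svn and curl switches that
# disable or bypass TLS certificate verification.
RULES = [
    ("plain-http", re.compile(r"\bhttp://", re.IGNORECASE)),
    ("tls-verify-disabled", re.compile(
        r"GIT_SSL_NO_VERIFY"
        r"|http\.sslVerify\s*=\s*false"
        r"|--no-check-certificate"
        r"|--trust-server-cert"
        r"|--insecure\b",
        re.IGNORECASE)),
    # curl's short flag -k, alone or bundled (-sSkL); case-sensitive so
    # that -K (read a config file) is not reported.
    ("tls-verify-disabled", re.compile(r"\bcurl\b[^|;&]*\s-[A-Za-z]*k")),
]

def lint_recipe(text):
    """Return (line_number, rule, line) for every risky fetch line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and comments
        reported = set()
        for rule, pattern in RULES:
            if rule not in reported and pattern.search(stripped):
                reported.add(rule)
                findings.append((number, rule, stripped))
    return findings

# Constructed sample input (hypothetical keys and hosts).
SAMPLE_RECIPE = """\
# constructed sample, not a real recipe
source: git+https://git.example.org/gr-foo.git
source: svn+http://svn.example.org/gr-bar/trunk
fetch: wget --no-check-certificate https://dl.example.org/gr-baz.tar.gz
fetch: curl -sSkL https://dl.example.org/gr-qux.tar.gz
fetch: git -c http.sslVerify=false clone https://git.example.org/gr-quux.git
"""

if __name__ == "__main__":
    for number, rule, line in lint_recipe(SAMPLE_RECIPE):
        print(f"line {number}: {rule}: {line}")
```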