Opposite of --insecure is what?

[Jason Harris]

On Feb 6, 2011, at 7:56 AM, Augie Fackler wrote:

> On Feb 4, 2011, at 5:26 AM, Mads Kiilerich wrote:
>> 
>> On 02/04/2011 10:09 AM, Jason Harris wrote:
>>> Ok in making MacHg work with certificates for https:// and fingerprints and
>>> stuff the following issue has come up... Ironically I now have almost the
>>> opposite question to the ones I previously asked. How do I make the operation
>>> always fail if there is no verifiable certificate or fingerprint?
>> 
>> For now the way to do that is to specify a web.cacerts file. It can't be empty, but you can generate a random self-signed certificate and throw away the key.
>> 
>> It would make sense if Mercurial by default aborted instead of issuing a warning (unless --insecure was specified). Such a change would in my opinion have been too invasive for a stable bugfix release - that is one of the reasons we just give a warning (or a number of them ...).
>> 
>> The packaging guideline has however already been changed to recommend shipping Mercurial with web.cacerts configured and the windows installers already does that. That effectively changed the default.
>> 
>> Developers: Should we change the insecure warning to an abort in 1.8? With fallback to insecure+warning if web.cacerts=! ?
> 
> I'd like to make it an abort in non-interactive mode with an interactive prompt to accept the presented certificate. Does that seem like something we can do now that we have the option of ssh-like key acceptance? I'd implement this by having a file in .hg (let's say .hg/authorized_certs) that was machine-writeable (but still plain text so it could be edited.)

Yes that makes a lot of sense... This also means that basically as Mads suggested that Mercurial will have to do the lookup of the fingerprint after the fail. In this case the fingerprint should be printed always on abort I think... That way GUI designers like me can pick this key out easily.

Cheers.
  Jas