[Bug 3453] New: Trust the operating system's CA certificates by default
bugzilla-daemon at bz.selenic.com
Tue May 15 04:27:55 CDT 2012
http://bz.selenic.com/show_bug.cgi?id=3453
Priority: meh
Bug ID: 3453
CC: mercurial-devel at selenic.com
Assignee: bugzilla at selenic.com
Summary: Trust the operating system's CA certificates by default
Severity: bug
Classification: Unclassified
OS: Linux
Reporter: dtn-hgbugs at corefiling.co.uk
Hardware: PC
Status: UNCONFIRMED
Version: unspecified
Component: Mercurial
Product: Mercurial

http://mercurial.selenic.com/wiki/CACertificates explains that Mercurial does
not trust any CAs by default.

I think this is the wrong decision, for the following reasons:

1) It encourages users to blindly whitelist the fingerprint of each certificate
they encounter without checking it, thus providing a lower level of security
than trusting the same set of root certificates as the OS or a browser.

2) It means that non-interactive checkouts (e.g. on a farm of machines doing
automated builds) are prone to fail without configuration being rolled out to
Mercurial on all machines involved.

Please consider trusting the OS's set of root certificates by default.

--
You are receiving this mail because:
You are on the CC list for the bug.
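
As an added illustration (not part of the bug report and not Mercurial's own code), the sketch below audits per-machine hgrc contents for the trust situation the report describes: a CA bundle via `web.cacerts`, a per-host entry in `[hostfingerprints]`, or neither. The host name, machine names, bundle path and fingerprint are constructed assumptions, and the hgrc text is assumed to be plain INI without `%include` lines.

```python
import configparser

HOST = "hg.example.com"  # hypothetical server name

# Constructed hgrc contents for four build machines (not from the report).
# The bundle path is an assumed Debian-style location.
SAMPLE_HGRCS = {
    "build01": "[web]\ncacerts = /etc/ssl/certs/ca-certificates.crt\n",
    "build02": "[hostfingerprints]\n"
               "hg.example.com = 00:11:22:33:44:55:66:77:88:99:"
               "aa:bb:cc:dd:ee:ff:00:11:22:33\n",
    "build03": "[ui]\nusername = builder\n",
    "build04": "[web]\ncacerts =\n",
}


def trust_mode(hgrc_text, host):
    """Classify how this hgrc would validate the HTTPS certificate of host."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.read_string(hgrc_text)
    # A pinned fingerprint for the host is checked instead of the CA chain.
    if cp.has_option("hostfingerprints", host):
        return "pinned-fingerprint"
    # web.cacerts names a PEM bundle; an empty value means no bundle.
    if cp.get("web", "cacerts", fallback="").strip():
        return "ca-bundle"
    return "no-trust-anchor"


def audit(hgrcs, host):
    """Map each machine name to its trust mode for host."""
    return {name: trust_mode(text, host) for name, text in hgrcs.items()}


def needs_rollout(hgrcs, host):
    """Machines whose hgrc gives a non-interactive clone nothing to verify against."""
    return sorted(name for name, mode in audit(hgrcs, host).items()
                  if mode == "no-trust-anchor")


if __name__ == "__main__":
    for name, mode in sorted(audit(SAMPLE_HGRCS, HOST).items()):
        print(name, mode)
    print("needs configuration:", needs_rollout(SAMPLE_HGRCS, HOST))
```
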