-
-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't allow insecure connections and add timeout #45
Conversation
I am a bot, here are the test results for this PR: |
Note: for some reason project-bot didn't add #44 to the Issue & PR tracker, like it added this request. Hopefully it won't fall between the cracks. |
dbc0405
to
7a6ff0a
Compare
I am a bot, here are the test results for this PR: |
1 similar comment
I am a bot, here are the test results for this PR: |
Insecure connections (-k) would allow man-in-the middle attacks to read your update token. In theory a connection may hang for hours without this, thus preventing update attempts. Source: curl man page under --max-time.
7a6ff0a
to
e601417
Compare
I am a bot, here are the test results for this PR: |
I am a bot, here are the test results for this PR: |
Description:
Insecure connections (-k) would allow man-in-the middle attacks to read
your update token.
In theory a connection may hang for hours without a timeout, thus preventing
update attempts. Source: curl man page under --max-time.
Benefits of this PR and context:
Security and reliability
How Has This Been Tested?
Built and ran the container. Output: