stage0: break apart -insecure-skip-verify
#912
Comments
- insecure-skip-verify is used in image fetch and trust for skipping verification, document this in the flags usage - make the docs more explicit about what insecure-skip-verify does We will split this sledgehammer flag into multiple flags via rkt#912
- insecure-skip-verify is used in image fetch and trust for skipping verification, document this in the flags usage - make the docs more explicit about what insecure-skip-verify does We will split this sledgehammer flag into multiple flags via rkt#912
I'll start on this. I think it's most clear to go with the "a combined 'options' flag " described above. |
Sounds reasonable to me. @robszumski ? |
Sounds good to me as long as a table of all the options makes it in the docs as part of this. Maybe throw up a deprecation warning? or are we going to support both? |
@blixtra should have a PR ready today but moving to next milestone to consider the time needed for reviewing. |
@blixtra when this gets merged, please check if the acbuild documentation and containers/build#100 still use |
@robszumski So this is in the last stage of review. Wanted to get a last ok from you regarding the UX. The documentation for the new option (and all global options) is here. One last thing I'm adding is Otherwise the global flag section of the help looks like this now
(excuse github formatting) |
@blixtra LGTM, thanks for checking |
Currently the
-insecure-skip-verify
flag is a sledgehammer for disabling various security mechanisms. This was an intentional design decision early in rkt's development to minimise flag churn as different security options evolved.As rkt matures and approaches 1.0 we need to tease apart the actual functionality of this flag into separate, well-defined options.
Here are the things that the flag does today:
rkt trust
)A couple of suggested options for what the new flags can look like:
-insecure-skip-verify-tls
,-insecure-skip-verify-image
, etc-no-verify-tls-certs
,-enable-http-fallback
, etc.-insecure-options=image,tls
The text was updated successfully, but these errors were encountered: