Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Set allow-unverified-downloads in initremote
This config setting is meant to protect against downloads from sources that can potentially be spoofed, e.g. private IP addresses which could be assigned to different machines on different networks. We know that this isn't the case for the CDS remote: the target for requests is always determined by the cdsapi package, which in turn talks to the CDS service and does TLS verification due to using HTTPS. This means that we are unaffected by the security issue the setting is meant to protect against. So there is no need for a user of the CDS special remote to manually set the option in every repository, we might as well do it for them.
- Loading branch information