Added option to skip signature verification#356
Conversation
|
I'm not convinced I like this option. Let me try to explain:
|
|
I understand and support your position. On the other hand, I also think it is more important to leave the choice to the user. My current solution is to add trusted keys via Anyhow, I think this flag should exist, just in case one quickly needs to test something without user interaction. I'd rather have the choice than being constrained by my tools for "security reasons". |
|
I'd also be in for a refactoring (something along the lines of |
|
I'll think about it some more :) Appreciate the work either way! |
|
@theseer Hi, I'm currently looking through my open PRs. Have you thought about it yet? :) |
|
I'll try to work on phive in the upcoming days, so i'll give more feedback asap. |
|
Het @theseer, how's it going? Any news what will happen with this PR? |
My use case for this is running
phivein a CI pipeline. I want to be able to install PHARs without user interaction and with already known versions.