mxnet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sheng Zha <szha....@gmail.com>
Subject Allow SSL Verification to be off in mx.gluon.utils.download?
Date Wed, 04 Jul 2018 06:58:52 GMT
Hi,

This is a follow-up discussion from PR-11546
<https://github.com/apache/incubator-mxnet/pull/11546#pullrequestreview-134215477>
per
suggestion from Marco. The proposed approach is to add an option to allow
users who call the download function to explicitly turn off ssl
verification. The default behavior is unchanged (i.e. always verify). From
the comments so far:

Pros:
Users can use this function to download from trusted links that don't have
proper ssl cert set-up, only by disabling this option explicitly. Without
this option, the download function cannot be used in such case.

Cons:
Vulnerable to MITM when disabled.

My take on this is that having such option is better, since download
function can be useful in more scenarios. I'd like to hear from others if
there are scenarios that this approach is absolutely not acceptable. Thanks.

-sz

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message