CloneWithCommitMsgHook: Stop passing --insecure to curl
Validating certs is an important feature of HTTPS that we should not
disable, especially when downloading code that is going to be trusted.
This "curl" invocation does not take place until after a successful
"git clone", so the -k option would not be useful for dealing with
misconfigured https servers. Any configuration that needs -k would
already be broken because of the "git clone" that comes before it.
Reported-by: Gert van Dijk <firstname.lastname@example.org>
Bug: Issue 7562
1 file changed