From f1b29dbeb4277bf8a7febc795fe52e7b109c6d59 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 21 Jun 2018 14:14:56 -0400 Subject: [PATCH] don't assume boto will remain secure On second thought, best to default to being secure even if boto changes http libraries to one that happens to follow redirects. --- Remote/Glacier.hs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Remote/Glacier.hs b/Remote/Glacier.hs index e6cd68fdf3..ad5f2e24a7 100644 --- a/Remote/Glacier.hs +++ b/Remote/Glacier.hs @@ -56,8 +56,10 @@ gen r u c gc = new <$> remoteCost gc veryExpensiveRemoteCost , retrieveKeyFile = retreiveKeyFileDummy , retrieveKeyFileCheap = retrieveCheap this -- glacier-cli does not follow redirects and does - -- not support file://, so this is secure. - , retrievalSecurityPolicy = RetrievalAllKeysSecure + -- not support file://, as far as we know, but + -- there's no guarantee that will continue to be + -- the case, so require verifiable keys. + , retrievalSecurityPolicy = RetrievalVerifiableKeysSecure , removeKey = removeKeyDummy , lockContent = Nothing , checkPresent = checkPresentDummy