Replies: 2 comments 2 replies
-
|
I agree with this, or at the very least, changing the SHA256 hash override argument. There's a lot more things that I'd like to force that don't involve overriding the hash mismatch. |
Beta Was this translation helpful? Give feedback.
-
|
This seems like it would be making the application more secure; I agree with the logic here, especially since some users will put I can agree with |
Beta Was this translation helpful? Give feedback.
-
IIRC, that's what's happening here: There's a GPO for controlling hash overrides, but there's not an admin setting. |
Beta Was this translation helpful? Give feedback.
-
Yes, Group Policy is great, but an admin setting would be an added level of security as well |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
--forceshould become the default and only flag to indicate “winget, thank you for trying to protect me, but I want you to go ahead and power through these minor conservative blockers”. For instance, if the ARP entry that we would write for a portable already exists and we don’t want to stomp it,--forcesays “go ahead”. PowerShell works this way,-Forceis the general use argument to move forward in the event of potentially destructive behavior that isn’t done by default.The existing use of
--forceto indicate “override the security issue of mismatching hash” should be moved to something less trivial and generic, like--ignore-hash-mismatch. I would be fine with--ignore-hash-mismatch-i-accept-all-liabilityas well, but that might be too long.I realize that this would be a breaking change for scripts that were using
--force, but I (personally) don't have a problem with breaking flows that are inadvisable in the first place.Beta Was this translation helpful? Give feedback.
All reactions