diff mbox series

fetch2/svn: Use server certificates going forward

Message ID 20260211155749.1254390-1-richard.purdie@linuxfoundation.org
State New
Headers show
Series fetch2/svn: Use server certificates going forward | expand

Commit Message

Richard Purdie Feb. 11, 2026, 3:57 p.m. UTC 
In the past, broken SSL certificates were common on subversion servers. As such,
the subversion fetcher used to ignore these issues.

Cert infrastructure has massively improved since that decision was made and things
like self signed certificates should no longer be common place.

We should follow good security practises and not have this as a default anymore,
remove the --trust-server-cert commandline option by default.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 lib/bb/fetch2/svn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/lib/bb/fetch2/svn.py b/lib/bb/fetch2/svn.py
index 0852108e7d9..a097ffb76b5 100644
--- a/lib/bb/fetch2/svn.py
+++ b/lib/bb/fetch2/svn.py
@@ -34,7 +34,7 @@  class Svn(FetchMethod):
         if not "module" in ud.parm:
             raise MissingParameterError('module', ud.url)
 
-        ud.basecmd = d.getVar("FETCHCMD_svn") or "/usr/bin/env svn --non-interactive --trust-server-cert"
+        ud.basecmd = d.getVar("FETCHCMD_svn") or "/usr/bin/env svn --non-interactive"
 
         ud.module = ud.parm["module"]