d@nny disc@ mc²2d ago
anyone who genuinely tells you to curlbash in your CI is trying to do harm to you or to gain the ability to do great harm to you at some future date of their choosing
Show threadJordan Sissel2d ago
@hipsterelectron curlbash’s inability to cache makes me more upset than any other concerns like security or whatever.
Show threadd@nny disc@ mc²2d ago
@whack you can record ETag and Date headers and send them via the appropriate Cache-Control directive (hint: it is named almost completely the opposite of what you want to accomplish) and since there's no guarantees of any sort about ETag in any scenario they can just change it every time if they want but pypi usually puts on a good performance of compliance whenever anyone's watching
Show threadd@nny disc@ mc²
@whack it's If-Modified-Since for date but i forget the etag header anyway if they're being nice they'll send you a zero-length 403
Apr 13 at 3:16amWeb