msimerson / sentry

Bruteforce attack blocker (ssh, FTP, SMTP, and more)
64 stars 20 forks

Security feature request #4

Closed mlinton closed 9 years ago

mlinton commented 9 years ago

Two things dealing with autoupdates done on the web. First it doesn't look like there is any authentication of the code that you get on update. No digital signature checking of the code or server makes it possible to hijack the request and replace the code with a malicious version. Second it doesn't look like there's an option to turn off auto updates.

Thanks for the code!

msimerson commented 9 years ago
  1. On systems where the curl/fetch/wget/p5-LWP-UserAgent have access to a certificate authority, the validation of the GitHub SSL certificate should be quite sufficient. If it's not for you, Pull Requests are welcome.
  2. Point well taken. Auto-update is disabled as of 1.04.
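The verify-before-install step the two comments above are discussing, as an added POSIX shell example that is not part of sentry's own code: the update is fetched only over verified HTTPS and is refused unless its SHA-256 matches a digest pinned in advance. The URL, the expected digest and the install path are placeholders, and the digest is assumed to come from somewhere other than the update channel itself (for example a local config or a release announcement), since a digest downloaded next to the file proves nothing.

```shell
#!/bin/sh
# Added example (not sentry's code). Placeholders: UPDATE_URL, EXPECTED_SHA256, target path.
UPDATE_URL="${UPDATE_URL:-https://example.invalid/sentry.pl}"   # placeholder, not a real URL
EXPECTED_SHA256="${EXPECTED_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"  # placeholder

# Print the SHA-256 of a file; prefer coreutils sha256sum, fall back to perl/BSD shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed (exit 0) only when the file's digest equals the pinned one.
verify_digest() {
    file=$1; expected=$2
    actual=$(sha256_of "$file") || return 1
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Download over HTTPS only: --proto '=https' refuses any http:// redirect, --fail rejects
# HTTP error pages (so a 404 body never gets installed), and certificate verification is
# curl's default, which this deliberately does not disable with -k/--insecure.
fetch_update() {
    url=$1; out=$2
    curl --proto '=https' --tlsv1.2 --fail --silent --show-error --location \
         --max-redirs 2 -o "$out" "$url"
}

# Fetch into a temp file, verify, then replace the target atomically; never leave a
# partially written or unverified file at the install path.
install_update() {
    url=$1; expected=$2; target=$3
    tmp=$(mktemp) || return 1
    if fetch_update "$url" "$tmp" && verify_digest "$tmp" "$expected"; then
        chmod 0755 "$tmp" && mv -f "$tmp" "$target"
    else
        echo "update rejected: download failed or SHA-256 mismatch" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Usage (network access required; placeholders above must be set first):
#   install_update "$UPDATE_URL" "$EXPECTED_SHA256" /usr/local/sbin/sentry.pl
```

A mismatch leaves the currently installed copy untouched, which is the failure mode the first comment is worried about: a hijacked response is discarded rather than executed.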