1

The developers of Composer have a script you can execute to install Composer on your system. It contains a slew of CA certs in the file. I am new to certificate security and am wondering what this file is doing with them.

Here is the script in question: https://github.com/composer/getcomposer.org/blob/master/web/installer#L1483

anjunatl
  • 196
  • 6
  • 2
    Have you asked them? – Michael Hampton Feb 11 '17 at 22:31
  • @MichaelHampton Good point. Honestly not sure why it didn't occur to me. I found GitHub's commit comment feature, so I asked on the commit it was introduced on. It's some kind of "last resort" code, I guess if a system lacks the CA's or something. Thanks! https://github.com/composer/getcomposer.org/commit/745550837e9f93fa5bd5e4ea909a1e4fb54f0ba9 – anjunatl Feb 13 '17 at 02:50

1 Answers1

2

They are there in case the installer can't find/access the required cert(s) on the host system, according to one of the getcomposer.org contributors.

anjunatl
  • 196
  • 6