Why is secure-http set to false in composer.json by default?
QUIQQET sets the secure-http
config value in the root composer.json
to false by default:
https://dev.quiqqer.com/quiqqer/quiqqer/-/blob/b46bbd72002dbfc3013cc3f5aaacc6afc9c8fc5e/lib/QUI/Package/Manager.php#L471
The default Composer value for this setting is true
.
Does composer in QUIQQER really need to download content via plain HTTP by default?
As this could be dangerous, I would not set this to false
and have a system administrator change the value manually if he needs to.