Recently I found this commit, to make it ignore ssl cert errors. 7c575eff

This change disables SSL certificate validation when downloading resources. While this might "fix" some certificate-related errors, it introduces a critical security vulnerability:

• It allows man-in-the-middle (MITM) attacks — an attacker can hijack the download and return malicious content.
• It breaks the entire trust model of HTTPS. There is no way to ensure the downloaded content is authentic or untampered.
• It puts users at risk, and opens the door to possible remote code execution if the downloaded files are executed or loaded into memory.
• No serious software project does this by default — tools like curl, pip, or npm require explicit flags like --insecure, and even then warn users strongly against it.

This is not a minor tradeoff — it's a severe degradation in security, and it affects every user silently.

If the goal is to help users behind proxies or misconfigured networks, a better and safer approach would be:

• Provide an optional flag or configuration (like --insecure-download) that must be explicitly enabled by the user, and log a clear warning.
• Detect certificate errors and show an informative error message to the user, suggesting how to resolve it properly (e.g., install missing CA certificates, fix system clock, etc.).
• Allow advanced users to add trusted self-signed certificates if needed.

Please revert this commit immediately, or replace it with a safer alternative.

Security must not be compromised for convenience — especially silently.