Merge pull request #827 from aaronwmorris/dev

aaronwmorris · web-flow · commit 43ced7a0c4fc · 2023-07-07T23:06:49.000-04:00
README updates related to security
diff --git a/README.md b/README.md
@@ -78,6 +78,15 @@ indi-allsky is software used to manage a Linux-based All Sky Camera using the IN
 
 MacOS support is theoretically possible, but not tested.
 
+
+### Security
+In an effort to increase security, I am trying to do a better job of tracking security issues in indi-allsky and the associated Software Bill of Materials.  GitHub Dependabot alerts are enabled which help track things like vulnerable Python modules.
+
+https://github.com/aaronwmorris/indi-allsky/wiki/Security-considerations
+
+https://github.com/aaronwmorris/indi-allsky/wiki/Security-Notifications
+
+
 ### libcamera support
 libcamera is a new camera interface designed to replace the legacy camera interfaces such as V4L2.
 
diff --git a/indi_allsky/aurora.py b/indi_allsky/aurora.py
@@ -112,7 +112,7 @@ def update(self, camera):
     def download_json(self, url):
         logger.warning('Downloading %s', url)
 
-        r = requests.get(url, allow_redirects=True, verify=True)
+        r = requests.get(url, allow_redirects=True, verify=True, timeout=15.0)
 
         if r.status_code >= 400:
             logger.error('URL returned %d', r.status_code)
diff --git a/testing/aurora_test.py b/testing/aurora_test.py
@@ -128,7 +128,7 @@ def main(self):
 
     def download_json(self, url, tmpfile):
         logger.warning('Downloading %s', url)
-        r = requests.get(url, allow_redirects=True, verify=True)
+        r = requests.get(url, allow_redirects=True, verify=True, timeout=15.0)
 
         if r.status_code >= 400:
             logger.error('URL returned %d', r.status_code)
