From b37d010bb2c90b6e96cd99a7579f5291895f9292 Mon Sep 17 00:00:00 2001 From: Josh King Date: Tue, 9 Jul 2024 09:46:06 +1200 Subject: [PATCH] (fix) Correct link syntax in security.mdx There was a greedy adjustment to the new xref syntax which turned half of a paragraph into a single link. This should have actually been 1 anchor link and 1 xref link. --- src/content/docs/en-us/information/security.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/en-us/information/security.mdx b/src/content/docs/en-us/information/security.mdx index b762d5c479..5d91ecc20b 100644 --- a/src/content/docs/en-us/information/security.mdx +++ b/src/content/docs/en-us/information/security.mdx @@ -236,7 +236,7 @@ For using Chocolatey, if you are using the community repository, you will need t For specific IP addresses to whitelist, please see the following: [https://www.cloudflare.com/ips/](https://www.cloudflare.com/ips/) -If you are using the community package repository, you would also need to whitelist the official distribution location for **EVERY** package that you intend to manage (unless you had a licensed edition **and** the downloads have been cached on the Chocolatey customer CDN). This is due to distribution rights and the community repo being publicly available (discussed above at of those downloaded resources, which is used instead of reaching out to those remote locations to ensure availability. +If you are using the community package repository, you would also need to whitelist the official distribution location for **EVERY** package that you intend to manage (unless you had a licensed edition **and** the downloads have been cached on the Chocolatey customer CDN). This is due to distribution rights and the community repo being publicly available (discussed above at [community.chocolatey.org Packages](#communitychocolateyorg-packages)), so those community packages are not able to embed binaries directly into the package and must download those resources at runtime. Licensed editions of Chocolatey take advantage of a of those downloaded resources, which is used instead of reaching out to those remote locations to ensure availability. Keep in mind that the Chocolatey CDN can only download resources for packages that it has been able to cache. While it is currently able to cache 70% of the existing packages ([https://chocolatey.org/stats](https://chocolatey.org/stats)) for actuals - use PackagesCached divided by UniquePackages), we always recommend running `choco search pkgid` (or `choco info pkgid`) to determine if it has the "Downloads cached for licensed users" aspect, or look on the package page for the indicator that the packages are cached. If it does not, you would either need to go through the process of internalization for that package, or look to whitelisting whatever resources that package needed to download. @@ -296,4 +296,4 @@ A non-administrative user should choose to install Chocolatey in a directory som ## Report Issue - Report general security issue - please email security [at] chocolatey dot io. -- Report package malware/security/other package issue - please use the Report Abuse link directly on the package page on [https://community.chocolatey.org/packages](https://community.chocolatey.org/packages). \ No newline at end of file +- Report package malware/security/other package issue - please use the Report Abuse link directly on the package page on [https://community.chocolatey.org/packages](https://community.chocolatey.org/packages).