Help me out here.
Apple silently forked Curl to accept other certs when explicitly told not to by command line options. Give me a scenario where this is NOT a deliberate man-in-the-middle attack for software installers running on MacOS.
https://apple.slashdot.org/story/24/03/23/0526257/apple-criticized-for-changing-the-macos-version-of-curl