Open
Description
Feature request description
Now that I fixed CVE-2025-6032 it means we always a require a valid HTTPS connection for machine image pulls for local testing it might be interesting to bypass that requirement.
AFAICt it should already work to bypass that via registries.conf when configuring the registry as insecure there.
Suggest potential solution
podman pull has the --tls-verify=false option so I would suggest we add the same to machine init.
Have you considered any alternatives?
The alternative is to not expose this this then users need to manually download the image somehow and pass it via a local path to --image.
Additional context
I guess this is not really as important as I doubt much people would run an unsecured registry to server our VM disk images for themselves.