|
From: | David A. Wheeler |
Subject: | [savannah-help-public] [sr #109093] Support and require cloning via https:// instead of git://, http://, svn://, or other insecure transport |
Date: | Sat, 30 Jul 2016 19:41:36 +0000 (UTC) |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 |
Follow-up Comment #2, sr #109093 (project administration): I agree, supporting HTTPS on the repo is critically important. This lack makes it easy for someone to launch a MITM attack on the code supported by Savannah. Note that the Linux Foundation's "best practices" badge makes HTTPS a minimum requirement: <https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md#sites_https>. What's the blocker? Is there anything that can be done to help? Savannah already has the needed TLS certs, so I imagine that all that's needed is a minor configuration change. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?109093> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |