savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] [task #13333] Please make git reos availab


From: Assaf Gordon
Subject: Re: [Savannah-hackers-public] [task #13333] Please make git reos available on https
Date: Tue, 30 Sep 2014 21:40:14 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2

Strange, I've responded to this item on the website interface,
but have not seen an email sent to the mailing list (or on the mailing list 
website at
http://lists.gnu.org/archive/html/savannah-hackers-public/2014-09/index.html ).

     http://savannah.gnu.org/task/?13333

In any case, my response is attached below.

On 09/26/2014 12:39 PM, anonymous wrote:
Details:

https://savannah.gnu.org/maintenance/UsingGit/ recommends the git: protocol,
with http and a fallback when that port is blocked.

Neither of the protocols offers for read-only access support encryption or
server authentication. This leaves visitors vulnerable to mitm code injection
and passive surveillance.

Please ad https support, and recommend it over the git protocol.

Hello,

Since this was posted anonymously, I do not thing a discussion will result.

But for future reference, here are some relevant items:

1. A similar previous request:
https://savannah.gnu.org/support/?108556

2. A relevant discussion on the GIT mailing list:
Subject: "git:// protocol over SSL/TLS"
http://marc.info/?l=git&m=138814914720394&w=2

3. A comment by Andreas Schwab, saying:
"Given how easy it is to verify the integrity of a git repository out of band there 
isn't really much of added security by using TLS for transport."
http://marc.info/?l=git&m=138815353821210&w=2

As such, I'm closing this item.
- Assaf





reply via email to

[Prev in Thread] Current Thread [Next in Thread]