git and https

To: debian-devel@lists.debian.org
Subject: git and https
From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
Date: Mon, 25 May 2015 13:09:39 +0100
Message-id: <[🔎] 55631103.3020200@zoho.com>

While we're on the subject of git security...should we stop recommendingthat non-account-holders use git:// (most efficient, but insecureagainst MITM unless you manually check the commit number) in preferenceto https:// (at least some security)?https://wiki.debian.org/Alioth/Git#Accessing_repositories

Any suggestions for persuading upstreams to care about these issues?Mine has no https on the repository (though they do on the releasetarballs), no signed anything, and have not responded to me pointing outthat this is a security hole:https://bugs.freedesktop.org/show_bug.cgi?id=89682

Reply to:

Follow-Ups:
- Re: git and https
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: git and https
  - From: Josh Triplett <josh@joshtriplett.org>

Prev by Date: Re: Architectures where unaligned access is (not) OK?
Next by Date: Re: Proposal, a Build-Depends-Optional field
Previous by thread: Re: Architectures where unaligned access is (not) OK?
Next by thread: Re: git and https
Index(es):
- Date
- Thread