Re: git and https

To: debian-devel@lists.debian.org
Subject: Re: git and https
From: Josh Triplett <josh@joshtriplett.org>
Date: Mon, 25 May 2015 11:38:06 -0700
Message-id: <[🔎] 20150525183805.GA2452@x>
In-reply-to: <[🔎] 55631103.3020200@zoho.com>

> While we're on the subject of git security...should we stop
> recommending that non-account-holders use git:// (most efficient, but
> insecure against MITM unless you manually check the commit number) in
> preference to https:// (at least some security)?
> https://wiki.debian.org/Alioth/Git#Accessing_repositories

https:// is actually just as efficient as git:// these days (other than the
minor overhead of TLS, which is worth it for security).  See "man
git-http-backend" for details on the "smart" HTTP protocol, which uses
the same protocol as git:// .

- Josh Triplett

Reply to:

Follow-Ups:
- Re: git and https
  - From: Wouter Verhelst <wouter@debian.org>

References:
- git and https
  - From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>

Prev by Date: Re: Bits from the Stable Release Managers
Next by Date: Re: Bits from the Stable Release Managers
Previous by thread: Re: git and https
Next by thread: Re: git and https
Index(es):
- Date
- Thread