Re: git and https
On 27 May 2015 at 09:08, Wouter Verhelst <wouter@debian.org> wrote:
> On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
>> > While we're on the subject of git security...should we stop
>> > recommending that non-account-holders use git:// (most efficient, but
>> > insecure against MITM unless you manually check the commit number) in
>> > preference to https:// (at least some security)?
>> > https://wiki.debian.org/Alioth/Git#Accessing_repositories
>>
>> https:// is actually just as efficient as git:// these days (other than the
>> minor overhead of TLS, which is worth it for security).
>
> Why? Which attack do you envision (other than the ridiculous "the NSA would see
> that we're pushing!", which they can by just doing a git clone too) that would
> be thwarted by https but not by signed commits?
>
It fails The Dissident Test, hence we should use https or ssh for
cloning. And provide only those methods.
Overall we should default to protect the privacy of DDs, contributors
and our users. I was pondering for some time if we should add that to
DFSG or maybe have a GR about it.
--
Regards,
Dimitri.
Reply to: