[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: git and https

On Wed, May 27, 2015 at 10:44:17PM +0100, Dimitri John Ledkov wrote:
> On 27 May 2015 at 09:08, Wouter Verhelst <wouter@debian.org> wrote:
> > On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
> >> > While we're on the subject of git security...should we stop
> >> > recommending that non-account-holders use git:// (most efficient, but
> >> > insecure against MITM unless you manually check the commit number) in
> >> > preference to https:// (at least some security)?
> >> > https://wiki.debian.org/Alioth/Git#Accessing_repositories
> >>
> >> https:// is actually just as efficient as git:// these days (other than the
> >> minor overhead of TLS, which is worth it for security).
> >
> > Why? Which attack do you envision (other than the ridiculous "the NSA would see
> > that we're pushing!", which they can by just doing a git clone too) that would
> > be thwarted by https but not by signed commits?
> >
> 
> It fails The Dissident Test, hence we should use https or ssh for
> cloning. And provide only those methods.
> 
> Overall we should default to protect the privacy of DDs, contributors
> and our users. I was pondering for some time if we should add that to
> DFSG or maybe have a GR about it.

The security of a program is orthogonal to its licensing; let's not mix
the two.  I agree that we should push for TLS, but that's not a DFSG
matter.
Reply to: