Re: git and https
On 27 May 2015 at 23:00, <josh@joshtriplett.org> wrote:
> On Wed, May 27, 2015 at 10:44:17PM +0100, Dimitri John Ledkov wrote:
>> On 27 May 2015 at 09:08, Wouter Verhelst <wouter@debian.org> wrote:
>> > On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
>> >> > While we're on the subject of git security...should we stop
>> >> > recommending that non-account-holders use git:// (most efficient, but
>> >> > insecure against MITM unless you manually check the commit number) in
>> >> > preference to https:// (at least some security)?
>> >> > https://wiki.debian.org/Alioth/Git#Accessing_repositories
>> >>
>> >> https:// is actually just as efficient as git:// these days (other than the
>> >> minor overhead of TLS, which is worth it for security).
>> >
>> > Why? Which attack do you envision (other than the ridiculous "the NSA would see
>> > that we're pushing!", which they can by just doing a git clone too) that would
>> > be thwarted by https but not by signed commits?
>> >
>>
>> It fails The Dissident Test, hence we should use https or ssh for
>> cloning. And provide only those methods.
>>
>> Overall we should default to protect the privacy of DDs, contributors
>> and our users. I was pondering for some time if we should add that to
>> DFSG or maybe have a GR about it.
>
> The security of a program is orthogonal to its licensing; let's not mix
> the two. I agree that we should push for TLS, but that's not a DFSG
> matter.
Dunno, it's blurry to me. Shall we remove telnet?! Shall we not?!
Server / client / both?! A lot of times I view lack of privacy as
RC-buggy. Anyway, we are digressing.
--
Regards,
Dimitri.
Reply to: