Re: git and https

To: debian-devel@lists.debian.org
Subject: Re: git and https
From: Russ Allbery <rra@debian.org>
Date: Wed, 27 May 2015 22:23:02 -0700
Message-id: <[🔎] 87pp5l5l8p.fsf@hope.eyrie.org>
In-reply-to: <[🔎] 20150527160230.GA1068@jtriplet-mobl1> (Josh Triplett's message of "Wed, 27 May 2015 09:02:30 -0700")
References: <[🔎] 55631103.3020200@zoho.com> <[🔎] 20150525183805.GA2452@x> <[🔎] 20150527080835.GA20359@grep.be> <[🔎] 20150527160230.GA1068@jtriplet-mobl1>

Josh Triplett <josh@joshtriplett.org> writes:

> https:// avoids MITM;

If you aren't doing certificate pinning, I don't think you can really say
this with a straight face.

It makes MITM moderately harder, at the cost of giving money to a bunch of
exploitative clowns who have no concept of what security means.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: git and https
  - From: Roland Mas <lolando@debian.org>
- Re: git and https
  - From: Clint Byrum <spamaps@debian.org>

References:
- git and https
  - From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
- Re: git and https
  - From: Josh Triplett <josh@joshtriplett.org>
- Re: git and https
  - From: Wouter Verhelst <wouter@debian.org>
- Re: git and https
  - From: Josh Triplett <josh@joshtriplett.org>

Prev by Date: Re: Bug#786902: O: ifupdown -- high level tools to configure network interfaces
Next by Date: Using build profiles in stretch?
Previous by thread: Re: git and https
Next by thread: Re: git and https
Index(es):
- Date
- Thread