Re: git and https
]] Wouter Verhelst
> - Most importantly, you need to configure your webserver and SSL library
> so it disables outdated protocol versions, enables newer secure
> protocol versions (doing so in a way that older proprietary clients
> who don't speak those newer versions yet and make up the majority of
> your target audience aren't excluded), and a whole bunch of other
> things.
We should make sure the defaults shipped here are up to date with latest
security practices, IMO. And yes, I think we should update those in
security updates too.
[...]
> In contrast, gpg just requires you to generate a key, and configure git
> to use it. That's it. Yes, preferably you'd get that key signed by
> someone else so you're part of the web of trust, but that isn't a
> prerequisite (that is, you can start signing today, and worry about
> getting your key added to the WoT later). Explaining how to do that can
> be done in a fairly short web page.
You mean, apart from telling it to use sha256 for sigs, etc? IIRC, the
defaults for GPG aren't very appropriate either.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are