
Re: git and https



]] Russ Allbery 

> Also, for people coming from Debian hosts talking to the Debian
> infrastructure, at least in theory we *could* do certificate pinning,
> which transforms HTTPS into a worthwhile security protocol.  It's not
> exactly trivial to work out the UI and integration problems, and it
> doesn't help for people not coming from a Debian system (at least as
> much), but it might be worth considering.

HTTPS already has various ways to do cert pinning via standard protocol
headers (and preloading), so if git were enhanced to support those, we
could use them (and possibly ship the pinning info in git/a supporting
package).

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

