Re: Secure Vcs-Git on alioth

To: debian-mentors@lists.debian.org
Subject: Re: Secure Vcs-Git on alioth
From: Jakub Wilk <jwilk@debian.org>
Date: Sun, 17 Jul 2016 14:38:52 +0200
Message-id: <[🔎] 20160717123852.dxystxsszv34moaf@jwilk.net>
Mail-followup-to: debian-mentors@lists.debian.org
In-reply-to: <[🔎] 87vb045ukj.fsf@wavexx.thregr.org>
References: <[🔎] 87vb045ukj.fsf@wavexx.thregr.org>

* Yuri D'Elia <wavexx@thregr.org>, 2016-07-17, 14:15:

Regarding Lintian's informational warning about insecure git:// URIs inthe Vcs-Git field:


https://lintian.debian.org/tags/vcs-field-uses-insecure-uri.html

I can switch easily from:

 git://anonscm.debian.org/collab-maint/trend.git

to

 https://anonscm.debian.org/git/collab-maint/trend.git

however shallow cloning (which I use regularly), breaks.

Are you sure it's about git:// vs https://? Shallow cloning has neverworked for me reliably:


$ git clone -v --depth=10 git://anonscm.debian.org/collab-maint/trend.git
Cloning into 'trend'...
Looking up anonscm.debian.org ... done.
Connecting to anonscm.debian.org (port 9418) ... 5.153.231.21 done.
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

$ git clone -v --depth=10 https://anonscm.debian.org/git/collab-maint/trend.git
Cloning into 'trend'...
POST git-upload-pack (156 bytes)
POST git-upload-pack (165 bytes)
fatal: The remote end hung up unexpectedly
fatal: protocol error: bad pack header

--
Jakub Wilk

Reply to:

Follow-Ups:
- Re: Secure Vcs-Git on alioth
  - From: Yuri D'Elia <wavexx@thregr.org>

References:
- Secure Vcs-Git on alioth
  - From: Yuri D'Elia <wavexx@thregr.org>

Prev by Date: Secure Vcs-Git on alioth
Next by Date: Re: Secure Vcs-Git on alioth
Previous by thread: Secure Vcs-Git on alioth
Next by thread: Re: Secure Vcs-Git on alioth
Index(es):
- Date
- Thread