Secure Vcs-Git on alioth

To: debian-mentors@lists.debian.org
Subject: Secure Vcs-Git on alioth
From: Yuri D'Elia <wavexx@thregr.org>
Date: Sun, 17 Jul 2016 14:15:56 +0200
Message-id: <[🔎] 87vb045ukj.fsf@wavexx.thregr.org>

Regarding Lintian's informational warning about insecure git:// URIs in
the Vcs-Git field:

https://lintian.debian.org/tags/vcs-field-uses-insecure-uri.html

I can switch easily from:

  git://anonscm.debian.org/collab-maint/trend.git

to

  https://anonscm.debian.org/git/collab-maint/trend.git

however shallow cloning (which I use regularly), breaks.

I found an old mention exactly about this issue that boiled down to use
your alioth account to use git+ssh. However, this is _not_ what I would
suggest to a random user expecting to be able to clone from the provided
URL.

So, how serious is this "suggestion"?

Reply to:

Follow-Ups:
- Re: Secure Vcs-Git on alioth
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Secure Vcs-Git on alioth
  - From: Christian Seiler <christian@iwakd.de>

Prev by Date: Re: uscan for a single text file
Next by Date: Re: Secure Vcs-Git on alioth
Previous by thread: Bug#824967: marked as done (RFS: budgie-desktop/10.2.5-1 [ITP])
Next by thread: Re: Secure Vcs-Git on alioth
Index(es):
- Date
- Thread