Killing plaintext git:// in favor of https:// cloning
jea-signup-cgit at anakata.org
Mon Feb 22 20:50:42 CET 2016
On 22/02/16 19:16, Jason A. Donenfeld wrote:
>> Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
>> the plaintext git:// endpoint for cloning.
Ferry Huberts Proclaimed Thus:
>What's the point?
>The repos are public, so cloning them over https bring nothing, except
>extra overhead and server load.
While pretty unlikely, in theory someone could MITM a git:// clone and
send the user a hax0red branch of cgit with integrated botnet which
the user then compiles and installs on their server.
Not sure if the extra server load is worth it to defend against this
case or not. (Also, presumably the server is using the cgit smart http
endpoint so https clone is not much additional DATA, just the ssl
handshake; but definitely additional cpu for crypto operations.)
More information about the CGit