Killing plaintext git:// in favor of https:// cloning

Eclipse Webmaster (Denis Roy) webmaster at
Mon Feb 22 20:57:07 CET 2016

On 22/02/16 02:50 PM, Joe Anakata wrote:
>> Yes, why?
>> What's the point?
>> The repos are public, so cloning them over https bring nothing, except
>> extra overhead and server load.
> While pretty unlikely, in theory someone could MITM a git:// clone and
> send the user a hax0red branch of cgit with integrated botnet which
> the user then compiles and installs on their server.

Everything is possible "in theory" ... But folks really need to stop 
thinking that https is the impenetrable solution to everything.

More information about the CGit mailing list