Killing plaintext git:// in favor of https:// cloning
mailings at hupie.com
Mon Feb 22 20:59:32 CET 2016
On 22/02/16 20:50, Joe Anakata wrote:
> On 22/02/16 19:16, Jason A. Donenfeld wrote:
>>> Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
>>> the plaintext git:// endpoint for cloning.
> Ferry Huberts Proclaimed Thus:
>> Yes, why?
>> What's the point?
>> The repos are public, so cloning them over https bring nothing, except
>> extra overhead and server load.
> While pretty unlikely, in theory someone could MITM a git:// clone and
> send the user a hax0red branch of cgit with integrated botnet which
> the user then compiles and installs on their server.
That is a pretty unlikely and sophisticated attack vector, for
admittedly little gain. Someone with an existing clone can immediately
see that thing are off.
It is a vector though, so if you really want to defend against it, then
just ignore my comments ;-)
> Not sure if the extra server load is worth it to defend against this
> case or not. (Also, presumably the server is using the cgit smart http
> endpoint so https clone is not much additional DATA, just the ssl
> handshake; but definitely additional cpu for crypto operations.)
> CGit mailing list
> CGit at lists.zx2c4.com
More information about the CGit