Killing plaintext git:// in favor of https:// cloning

Ferry Huberts mailings at
Mon Feb 22 20:59:32 CET 2016

On 22/02/16 20:50, Joe Anakata wrote:
> On 22/02/16 19:16, Jason A. Donenfeld wrote:
>>> Now that runs over HTTPS, I'm considering getting rid of
>>> the plaintext git:// endpoint for cloning.
> Ferry Huberts Proclaimed Thus:
>> Yes, why?
>> What's the point?
>> The repos are public, so cloning them over https bring nothing, except
>> extra overhead and server load.
> While pretty unlikely, in theory someone could MITM a git:// clone and
> send the user a hax0red branch of cgit with integrated botnet which
> the user then compiles and installs on their server.

That is a pretty unlikely and sophisticated attack vector, for 
admittedly little gain. Someone with an existing clone can immediately 
see that thing are off.

It is a vector though, so if you really want to defend against it, then 
just ignore my comments ;-)

> Not sure if the extra server load is worth it to defend against this
> case or not.  (Also, presumably the server is using the cgit smart http
> endpoint so https clone is not much additional DATA, just the ssl
> handshake; but definitely additional cpu for crypto operations.)
> Thanks
> -Joe
> _______________________________________________
> CGit mailing list
> CGit at

Ferry Huberts

More information about the CGit mailing list