Killing plaintext git:// in favor of https:// cloning

Eric Wong normalperson at
Tue Feb 23 02:19:57 CET 2016

"Jason A. Donenfeld" <Jason at> wrote:
> Now that runs over HTTPS, I'm considering getting rid of
> the plaintext git:// endpoint for cloning.

> Does anybody have any objections or comments?

I suggest keeping git:// running as automated mirrors may not be
monitored very closely or easily updated.

git already has plenty of integrity checking built-in and
getting the proper hashes for the heads/tags over a
trusted-enough medium is enough (or reading the fine code).

And as others have said, HTTPS isn't impenetrable and the
CA system is still a major problem.

Also, TLS libraries can introduce new bugs and vulnerabilities
like Heartbleed.  Quoting from

|  By turning on TLS support in Postfix, you not only get the
|  ability to encrypt mail and to authenticate remote SMTP clients
|  or servers. You also turn on thousands and thousands of lines of
|  OpenSSL library code. Assuming that OpenSSL is written as
|  carefully as Wietse's own code, every 1000 lines introduce one
|  additional bug into Postfix.

Something to keep in mind :)

More information about the CGit mailing list