Killing plaintext git:// in favor of https:// cloning
Eric Wong
normalperson at yhbt.net
Tue Feb 23 02:19:57 CET 2016
"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
> Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
> the plaintext git:// endpoint for cloning.
> Does anybody have any objections or comments?
I suggest keeping git:// running as automated mirrors may not be
monitored very closely or easily updated.
git already has plenty of integrity checking built-in and
getting the proper hashes for the heads/tags over a
trusted-enough medium is enough (or reading the fine code).
And as others have said, HTTPS isn't impenetrable and the
CA system is still a major problem.
Also, TLS libraries can introduce new bugs and vulnerabilities
like Heartbleed. Quoting from http://www.postfix.org/TLS_README.html
| By turning on TLS support in Postfix, you not only get the
| ability to encrypt mail and to authenticate remote SMTP clients
| or servers. You also turn on thousands and thousands of lines of
| OpenSSL library code. Assuming that OpenSSL is written as
| carefully as Wietse's own code, every 1000 lines introduce one
| additional bug into Postfix.
Something to keep in mind :)
More information about the CGit
mailing list