Jonathan Nieder <jrnie...@gmail.com> writes: > C. You have transport-level integrity protection, e.g. by using a > protocol like https:// or ssh:// with proper PKI.
I think it's worth being honest with ourselves here that the proper PKI part is not really happening with the Vcs-Git field (or Vcs-Browser for that matter) in normal usage in the context of Debian packages and random remote hosts. The bar to the attacker is not zero when https with normal public CAs is in use, but it's not very high. I'm fine with including integrity protection in the protocol description anyway, but hopefully no one will think that it implies that https is providing strong authentication of the Git server here. There's non-zero authentication, but it's pretty weak. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>