Regarding Lintian's informational warning about insecure git:// URIs in the Vcs-Git field:
https://lintian.debian.org/tags/vcs-field-uses-insecure-uri.html I can switch easily from: git://anonscm.debian.org/collab-maint/trend.git to https://anonscm.debian.org/git/collab-maint/trend.git however shallow cloning (which I use regularly), breaks. I found an old mention exactly about this issue that boiled down to use your alioth account to use git+ssh. However, this is _not_ what I would suggest to a random user expecting to be able to clone from the provided URL. So, how serious is this "suggestion"?