When you clone the repository without previous commit history, 'git://' doesn't protect from man-in-the-middle attacks. HTTPS is more secure since the client verifies the server certificate.
Reported-by: Jann Horn <ja...@google.com> Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> --- scripts/get_maintainer.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 43fb5f512f..fc7275b9e2 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -1376,7 +1376,7 @@ sub vcs_exists { warn("$P: No supported VCS found. Add --nogit to options?\n"); warn("Using a git repository produces better results.\n"); warn("Try latest git repository using:\n"); - warn("git clone git://git.qemu.org/qemu.git\n"); + warn("git clone https//git.qemu.org/git/qemu.git\n"); $printed_novcs = 1; } return 0; -- 2.17.2