On Thu, Sep 16, 2010 at 09:49:02PM +0200, Sylvain Beucler wrote: > On Thu, Sep 16, 2010 at 09:00:16PM +0900, Miles Bader wrote: > > "Andreas K. Foerster" <[email protected]> writes: > > >> For commit access, I dislike granting Apache write access to all > > >> repositories, because in that case any flaw in > > >> Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any > > >> Savannah repositories. > > > > > > More importantly, the article suggests using Basic Authentification. > > > That sends the password unencrypted over the line, just base64-encoded, > > > but anybody can decode that. So, it's a very bad idea to use that for > > > sensible data. > > > > Anyway, even just read-only mode would be a great improvement over the > > old http protocol. > > I'm not able to install it properly.
Hmmm, actually it works, but it doesn't support a HTTP redirect (namely git.sv.gnu.org -> git.savannah.gnu.org). $ git clone http://git.sv.gnu.org/r/freedink.git Initialized empty Git repository in /tmp/freedink/.git/ error: RPC failed; result=22, HTTP code = 405 ^C $ git clone http://git.savannah.gnu.org/r/freedink.git Initialized empty Git repository in /tmp/freedink/.git/ remote: Counting objects: 5528, done. remote: Compressing objects: 11% (174/1578) Any volunteer to report it? -- Sylvain
