Despite of all you're talking about is right from paranoid point of view, I'd,
anyway, say DO NOT DO THAT, because you propose to revoke the right of
choice from the users.
It is user's decision, which protocol to use to fetch the sources. Although,
you're, of course, free to make layman to
Doesn't git:// uses SSH wich is secure? I think that was on github.
git+ssh:// — does. git:// — does not. It is just git-daemon listening on
separate port and serving plaintext, readonly (by default) access.
signature.asc
Description: This is a digitally signed message part.
GitHub does not support git:// but only secure protocols (HTTPS, SSH),
GitHub DO (!) support git://
$ git clone git://github.com/msva/mva-overlay.git
Cloning into 'mva-overlay'...
remote: Counting objects: 10435, done.
remote: Compressing objects: 100% (41/41), done.
remote: Total 10435 (delta
Hi!
For the current Gentoo Git setup I found these methods working for
accessing a repository, betagarden in this case:
git://anongit.gentoo.org/proj/betagarden.git
(git://git.gentoo.org/proj/betagarden.git)
(git://git.overlays.gentoo.org/proj/betagarden.git)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/29/2015 06:41 PM, Sebastian Pipping wrote:
Hi!
...
* Why do we serve Git over git:// and http:// if those are
vulnerable to man-in-the-middle attacks (before having waterproof
GPG protection for whole repositories in place)?
They would not do online banking over http, right? Why would they run
code with root privileges from http?
1) Actually, they will :(
2) Because they can't review what bank received via insecure channel, while
they can review what they're themselves received via http/git.
--
Best regards,
On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
So I would like to propose that
* support for Git access through https:// is activated,
* Git access through http:// and git:// is deactivated, and
Some people have https blocked. http:// and git:// must be
available read-only.
On 29.03.2015 19:39, Andrew Savchenko wrote:
On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
So I would like to propose that
* support for Git access through https:// is activated,
* Git access through http:// and git:// is deactivated, and
Some people have https blocked.
On Sun, 29 Mar 2015 18:41:33 +0200
Sebastian Pipping sp...@gentoo.org wrote:
Hi!
For the current Gentoo Git setup I found these methods working for
accessing a repository, betagarden in this case:
git://anongit.gentoo.org/proj/betagarden.git
On Sun, 29 Mar 2015 19:52:38 +0200 Sebastian Pipping wrote:
On 29.03.2015 19:39, Andrew Savchenko wrote:
On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
So I would like to propose that
* support for Git access through https:// is activated,
* Git access through http://
On 29.03.2015 19:56, Diamond wrote:
Doesn't git:// uses SSH wich is secure? I think that was on github.
git:// is the git protocol [1] with absolutely no authentication and
no encryption.
GitHub does not support git:// but only secure protocols (HTTPS, SSH),
see [2].
Best,
Sebastian
[1]
pedantOpenPGP (GPG is just one implementation)/pedant, but indeed,
that is what the gentoo-keys project is about. There is experimental
support for OpenPGP verification in portage already using gkeys.
Currently the focus is on getting developer's keys up to GLEP63 specs,
i currently see 36
On Sun, Mar 29, 2015 at 1:52 PM, Sebastian Pipping sp...@gentoo.org wrote:
On 29.03.2015 19:39, Andrew Savchenko wrote:
On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
So I would like to propose that
* support for Git access through https:// is activated,
* Git access through
On Sun, 29 Mar 2015 23:35:54 +0600
Vadim A. Misbakh-Soloviov m...@mva.name wrote:
Despite of all you're talking about is right from paranoid point of
view, I'd, anyway, say DO NOT DO THAT, because you propose to
revoke the right of choice from the users.
A right of choice from the user only
14 matches
Mail list logo