Re: [PATCH] documentation: add git transport security notice

2013-07-06 Thread Jonathan Nieder
Hi, Fraser Tweedale wrote: --- a/Documentation/urls.txt +++ b/Documentation/urls.txt @@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for fetching and pushing, but these are inefficient and deprecated; do not use them). +The git transport does not do any

[PATCH] documentation: add git transport security notice

2013-07-05 Thread Fraser Tweedale
The fact that the git transport does not do any authentication is easily overlooked. For example, DNS poisoning may result in fetching from somewhere that was not intended. Add a brief security notice to the GIT URLS section of the documentation stating that the git transport should be used with

[PATCH] documentation: add git transport security notice

2013-06-25 Thread Fraser Tweedale
The fact that the git transport does not do any authentication is easily overlooked. For example, DNS poisoning may result in fetching from somewhere that was not intended. Add a brief security notice to the GIT URLS section of the documentation stating that the git transport should be used with

[PATCH] documentation: add git transport security notice

2013-06-24 Thread Fraser Tweedale
The fact that the git transport has no end-to-end security is easily overlooked. Add a brief security notice to the GIT URLS section of the documentation stating that the git transport should be used with caution on unsecured networks. Signed-off-by: Fraser Tweedale fr...@frase.id.au ---

Re: [PATCH] documentation: add git transport security notice

2013-06-24 Thread Junio C Hamano
Fraser Tweedale fr...@frase.id.au writes: The fact that the git transport has no end-to-end security is easily overlooked. Add a brief security notice to the GIT URLS section of the documentation stating that the git transport should be used with caution on unsecured networks.

Re: [PATCH] documentation: add git transport security notice

2013-06-24 Thread Fraser Tweedale
On Mon, Jun 24, 2013 at 09:24:29AM -0700, Junio C Hamano wrote: Fraser Tweedale fr...@frase.id.au writes: The fact that the git transport has no end-to-end security is easily overlooked. Add a brief security notice to the GIT URLS section of the documentation stating that the git

Re: [PATCH] documentation: add git transport security notice

2013-06-24 Thread Fredrik Gustafsson
On Tue, Jun 25, 2013 at 07:57:35AM +1000, Fraser Tweedale wrote: The git transport is insecure and should be used with caution on unsecured networks. I don't understand this. How is git:// insecure? It's a protocol with no authentication, because it's a protocol used for public sharing. The

Re: [PATCH] documentation: add git transport security notice

2013-06-24 Thread Junio C Hamano
Fraser Tweedale fr...@frase.id.au writes: Junio, do you prefer the following more generic wording? If so I will re-roll the patch (also note s/protocol/transport/ which is more appropriate, I think). The git transport is insecure and should be used with caution on unsecured networks.

Re: [PATCH] documentation: add git transport security notice

2013-06-24 Thread Junio C Hamano
Fredrik Gustafsson iv...@iveqy.com writes: On Tue, Jun 25, 2013 at 07:57:35AM +1000, Fraser Tweedale wrote: The git transport is insecure and should be used with caution on unsecured networks. I don't understand this. How is git:// insecure? It's a protocol with no authentication, because

Re: [PATCH] documentation: add git transport security notice

2013-06-24 Thread Fredrik Gustafsson
On Mon, Jun 24, 2013 at 03:35:19PM -0700, Junio C Hamano wrote: I don't understand this. How is git:// insecure? If your DNS is poisoned, or your router is compromised to allow your traffic to be diverted, you may be fetching from somewhere you did not intend to. As I explained in a separate