Hello,
First I'm not an expert in the following matter so please correct me if I'm wrong here! But my concern is that without HTTPS enabled for git a man in the middle attack would be possible.
As far as I understand cloning a git repo is atm only possible via standard git protocol (e.g. git clone git://common-lisp.net/projects/alexandria/alexandria.git) and I believe the git protocol is not secured. See https://gist.github.com/grawity/4392747.
What is the greatest software in world good for if you can't distribute it securely?
On Wed, 2015-01-28 at 09:14 +0100, Mario S. Mommer wrote:
Hi,
if I understood correctly, the issue is that although the repositories are public, it is still nobody's business what one does download.
We need a proper key setup anyway, which implies buying an ssl certificate. I'll look into this.
Once we have the cert, it is just a matter of enabling https, and public repos can be checked out or cloned in a secure manner.
Regards, Mario
On Tue, 27 Jan 2015 23:06:56 +0100 Erik Huelsmann ehuels@gmail.com wrote:
Hi Frank,
On Tue, Jan 27, 2015 at 10:29 PM, Frank fau@riseup.net wrote:
Have you made any progress regarding https access via git?
Hi! Thanks for sending a follow-up. Actually, reading Mario's response, I was under the impression that we were waiting for a response to Mario's mail: From Mario's mail I read that there are some doubts as to what that would add? In other words: why do you want https, given that the code you'll be cloning is public code anyway?
Regards,