On Oct 7, 2011, at 8:21 AM, Till Maas wrote: > On Fri, Oct 07, 2011 at 07:53:25AM -0700, Jesse Keating wrote: > >> Might have gone quicker if you pull via git:// and then only push via ssh:// reducing your ssh handshakes by half. > > How do you ensure the integrity of the git repo if it is pulled via > git://? As far as I can see doing this automatically is an invitation to > perform man-in-the-middle attacks. > > Kind Regards > Till Sure that's a risk. It'd take a fairly sophisticated attach to take advantage of it, but yes, it's a risk. Strikes me as easier to just fake your way into the packager group and upload your bad-bits that way. Everything is a balance between risk and performance. - jlk -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
