Re: [PATCH] git-imap-send.txt: remove the use of sslverify=false

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Barbu Paul - Gheorghe <barbu.paul.gheorghe@xxxxxxxxx> writes:

> Since SSL provides no protection if the certificates aren't verified it's
> better not to include sslverify=false in the examples.
> Also in the post 1.8.2.1 era git is able to properly verify the validity of a
> certificate as well it's origin.
>
> Signed-off-by: Barbu Paul - Gheorghe <barbu.paul.gheorghe@xxxxxxxxx>
> ---
>  Documentation/git-imap-send.txt | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/Documentation/git-imap-send.txt b/Documentation/git-imap-send.txt
> index 875d283..0d72977 100644
> --- a/Documentation/git-imap-send.txt
> +++ b/Documentation/git-imap-send.txt
> @@ -108,7 +108,6 @@ Using direct mode with SSL:
>      user = bob
>      pass = p4ssw0rd
>      port = 123
> -    sslverify = false
>  ..........................
>   @@ -123,7 +122,6 @@ to specify your account settings:
>  	host = imaps://imap.gmail.com
>  	user = user@xxxxxxxxx
>  	port = 993
> -	sslverify = false
>  ---------
>   You might need to instead use: folder = "[Google Mail]/Drafts" if you get an error

It is amusing that an MTA can mangle such a short patch this badly.

Count the number of preimage lines in the first hunk and you see
only 5 lines but you claim it has 7.  Where did the other two go?
The second hunk has the same problem.  "@@" that introduces the
second hunk is not at the leftmost column.  Where did the leading SP
come from?

The examples in the documentation are primarily to demonstrate how
the supported configurations and options can be used and for what
purpose. its secondary purpose is to nudge the readers into the best
practice.

So I'd suggest a patch that does these things instead of just
removing these two:

 (0) Remove the duplication between the Examples header with ~~~~~~
     underline and the EXAMPLE header with ------ underline.

 (1) Use the second hunk of your patch to remove sslverify=false
     from that imap.gmail.com example.  As a public service, it is
     unlikely that the server side is configured to throw a
     certificate that does not verify at you.

 (2) Instead of removing sslverify=false in the imap.example.com
     example, comment it out like this:

     -	sslverify = false
     +	; sslverify = false

     Then mention that the user may want to use sslverify=false
     while troubleshooting, if he suspects that the reason he is
     having trouble connecting is because the certificate he uses at
     the private server at example.com he is trying to set up (or
     has set up) may not be verified correctly.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]