Re: git:// protocol over SSL/TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Fri, Dec 27, 2013 at 7:36 PM, Konstantin Khomoutov
<flatworm@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> The Git protocol does not implement it itself but you can channel it
> over a TLS tunnel (via stunnel for instance).  Unfortunately, this
> means a specialized software and setup on both ends so if the question
> was about a general client using stock Git then the answer is no, it's
> impossible.

Ok, got it.

> Yes, but it will only be secure if you've managed to verify the
> server's certificate and do trust its issuer (or a CA higher up the
> cert's trust chain) -- people tend to confuse "encrypted" with
> "secure" which is not at all the same thing.

We've got CA-signed certificate atm and it's about to be also
EV-signed for our server (git.blender.org). So this is not gonna to be
an issue. Cloning over https:// works fine, but we wanted to be sure
all the bits are secure.

So guess we just need to recommend using https:// protocol instead of
git:// for our users?

-- 
With best regards, Sergey Sharybin
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]