On Fri, 27 Dec 2013 15:12:07 +0100 Andreas Schwab <schwab@xxxxxxxxxxxxxx> wrote: > > So guess we just need to recommend using https:// protocol instead > > of git:// for our users? > > Given how easy it is to verify the integrity of a git repository out > of band there isn't really much of added security by using TLS for > transport. If the devs employ signed tags then yes but otherwise you'd have to have some reference repository to compare with. Sure they target for a more no-brainer setup. ;-) -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html