Re: git:// protocol over SSL/TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Security in this case is about being sure everyone gets exactly the
same repository as stored on the server, without any modifications to
the sources cased by MITM.

As for "smart" http, this seems pretty much cool.However, we're
currently using lighthttpd, so it might be an issue. We'll check on
whether "smart" http is used there, and if not guess it wouldn't be a
big deal to switch to apache.

On Fri, Dec 27, 2013 at 8:20 PM, Matthieu Moy
<Matthieu.Moy@xxxxxxxxxxxxxxx> wrote:
> Andreas Schwab <schwab@xxxxxxxxxxxxxx> writes:
>
>> Sergey Sharybin <sergey.vfx@xxxxxxxxx> writes:
>>
>>> So guess we just need to recommend using https:// protocol instead of
>>> git:// for our users?
>>
>> Given how easy it is to verify the integrity of a git repository out of
>> band there isn't really much of added security by using TLS for
>> transport.
>
> You can verify integrity after the fact, but not guarantee
> confidentiality ... so it again depends on the definition of "security".
>
> --
> Matthieu Moy
> http://www-verimag.imag.fr/~moy/



-- 
With best regards, Sergey Sharybin
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]