On Fri, 27 Dec 2013 20:25:16 +0600 Sergey Sharybin <sergey.vfx@xxxxxxxxx> wrote: > Security in this case is about being sure everyone gets exactly the > same repository as stored on the server, without any modifications to > the sources cased by MITM. > > As for "smart" http, this seems pretty much cool.However, we're > currently using lighthttpd, so it might be an issue. We'll check on > whether "smart" http is used there, and if not guess it wouldn't be a > big deal to switch to apache. The web server software has nothing to do with HTTP[S] used by Git being "smart", I think, it just has to be set up properly. As discussed in an earlier thread here, a good indication of the dumb version of the protocol being in use is no display of the fetching progress on the client while doing `git clone` because this information (like "compressing objects ..." etc) is sent by the server-side Git process which is only there if HTTP[S] "was smart". Otherwise the client just GETs packs of objects, traverses them, GETs more and so on, so batches of HTTP GET requests correlating to clone sessions in the web server logs should also be indicative of the problem. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html