Yeah, i understand this. We can not protect self from every single possible attack.. On Fri, Dec 27, 2013 at 10:26 PM, Bernhard R. Link <brl+git@xxxxxxxxxxxxxx> wrote: > * Sergey Sharybin <sergey.vfx@xxxxxxxxx> [131227 15:25]: >> Security in this case is about being sure everyone gets exactly the >> same repository as stored on the server, without any modifications to >> the sources cased by MITM. > > Note that ssl (and thus https) only helps here against a resource-less > man-in-the-middle. Getting catch-all CA-signed certificates is said to > no longer available to everyone as easily as it was some years ago, but > unless you allow only one private CA (and even there clients often fail) > you still should assume everyone resourceful enough to still be able to > do MITM. > > Bernhard R. Link -- With best regards, Sergey Sharybin -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html