On Tue, Dec 4, 2018 at 8:31 PM Jonathan Tan <jonathantanmy@xxxxxxxxxx> wrote: > > > Some thoughts here: > > > > First, I'd like to see a section (and a bit in the implementation) > > requiring HTTPS if the original protocol is secure (SSH or HTTPS). > > Allowing the server to downgrade to HTTP, even by accident, would be a > > security problem. > > > > Second, this feature likely should be opt-in for SSH. One issue I've > > seen repeatedly is that people don't want to use HTTPS to fetch things > > when they're using SSH for Git. Many people in corporate environments > > have proxies that break HTTP for non-browser use cases[0], and using SSH > > is the only way that they can make a functional Git connection. > > Good points about SSH support and the client needing to control which > protocols the server will send URIs for. I'll include a line in the > client request in which the client can specify which protocols it is OK > with. What if a client is ok to fetch from some servers but not others (for example github.com and gitlab.com but nothing else)? Or what if a client is ok to fetch using SSH from some servers and HTTPS from other servers but nothing else? I also wonder in general how this would interact with promisor/partial clone remotes. When we discussed promisor/partial clone remotes in the thread following this email: https://public-inbox.org/git/20181016174304.GA221682@xxxxxxxxxxxxxxxxxxxxxxxxx/ it looked like you were ok with having many promisor remotes, which I think could fill the same use cases especially related to large objects. As clients would configure promisor remotes explicitly, there would be no issues about which protocol and servers are allowed or not. If the issue is that you want the server to decide which promisor remotes would be used without the client having to do anything, maybe that could be something added on top of the possibility to have many promisor remotes.