On Tue, Dec 01, 2020 at 10:58:15AM +0100, Ævar Arnfjörð Bjarmason wrote: > Change advertised git:// links to https://. These all work as > arguments to "git clone", but in addition they also have friendly web > interfaces. This is a good idea, I think. Not only for that reason, but because https:// is more secure. You can verify tags from the maintainer's signature, of course, but if you are just fetching some refs, you are relying on the remote server not to lie to you. With https://, you at least have some assurance that it is the remote server you intended to talk to, and not a man-in-the-middle over the totally unauthenticated git:// protocol. > This leaves just git://ozlabs.org/~paulus/gitk as the only git:// > URL. As far as I can tell there's no web interface for it. There is > e.g. https://git.ozlabs.org/?p=ppp.git which is a frontend for > git://git.ozlabs.org/~paulus/ppp.git, but even though cloning the repo > at git://git.ozlabs.org/~paulus/gitk.git works (not the "git" subdomain) s/not/note/ in this last line? -Peff
