Re: [PATCH] MaintNotes: use https:// instead of git:// when possible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff King <peff@xxxxxxxx> writes:

> On Tue, Dec 01, 2020 at 10:58:15AM +0100, Ævar Arnfjörð Bjarmason wrote:
>
>> Change advertised git:// links to https://. These all work as
>> arguments to "git clone", but in addition they also have friendly web
>> interfaces.
>
> This is a good idea, I think. Not only for that reason, but because
> https:// is more secure. You can verify tags from the maintainer's
> signature, of course, but if you are just fetching some refs, you are
> relying on the remote server not to lie to you. With https://, you at
> least have some assurance that it is the remote server you intended to
> talk to, and not a man-in-the-middle over the totally unauthenticated
> git:// protocol.
>
>> This leaves just git://ozlabs.org/~paulus/gitk as the only git://
>> URL. As far as I can tell there's no web interface for it. There is
>> e.g. https://git.ozlabs.org/?p=ppp.git which is a frontend for
>> git://git.ozlabs.org/~paulus/ppp.git, but even though cloning the repo
>> at git://git.ozlabs.org/~paulus/gitk.git works (not the "git" subdomain)
>
> s/not/note/ in this last line?

With or without the tweak, I couldn't figure out what the paragraph
wanted to say.  On the other hand, I didn't quite get why "friendly
web interfaces" matters until trying to read the paragraph again to
realize that it was talking about repository browser like gitweb and
cgit.

I'd probably rephrase the entire proposed commit log message to
something like:

	Most git:// URLs listed for the copies of the Git repository
	have working corresponding https:// URLs that can be given
	to a browser to browse the repository interactively.  List
	https:// URL instead of git:// URL for such repositories.
	The former is also more secure, even though it may be more
	expensive.

without mentioning ozlabs at all.

Thanks.




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux