[I'm not subscribed. Please CC me on followups.] Two points: 1) The FAQ/VariousKernelTrees page is embarrassingly outdated with a last update in 2007 and still referring to 2.6.* as current, while both it and 3.x are arguably now historical status. 2) I actually followed a link to kernelnewbies from kernel.org, while looking for current recommendations on /secure/ git remote URLs -- it occurred to me that I really should replace my current git:// fetches with something more secure, and I wondered what was current best-practice. While rather less technical than most of the material covered here, it seems neither kernel.org nor kernelnewbies.org has an immediately obvious (including in the FAQ, at least that's immediately obvious) link to a discussion of something so basic. kernel.org does list https://git.kernel.org , but there's no real discussion or recommendation of https vs. less secure protocols, pointing out that git:// (apparently) isn't secure or indication of whether the obvious gits:// will or won't work, and no indication that the just as prominently listed rsync:// url (apparently) isn't secure either, let alone any distinction in terms of what's available, releases vs live git tree, between the three listings there (http/git/rsync). kernelnewbies.org does appear to have some basic instructions on the OutreachyfirstpatchSetup page, but there's three problems with that: a) Outreachy isn't immediately obvious as where one should look for this. I thought the front page outreachy link was to some organizational blurb (for all I know it is as I followed a more convoluted path to the above page), not a howto, and in terms of the patches part, I already know how to apply patches but am more personal systems admin and git kernel builder/tester/bug-reporter than coder so don't really generate patches for more than private use, and simply wanted information on updating my git pull URLs to something more secure. b) The staging tree might not be the best example for true kernel git sources newbies, mainline is arguably a better one. c) The example again appears dated and insecure, using the git:// protocol that the git-fetch manpage's GIT URLS discussion specifically warns should be used with caution on unsecured networks like the general internet, because it does no authentication and is /not/ secured. FWIW, I'm going with the https://git.kernel.org link for now, but thought it worth the trouble to at least post this as someone who can do something about it definitely needs to update (or delete if not considered with the trouble to update) those two pages at least, and possibly provide a more obvious basic mainline kernel git setup link on the front page, as well. Because right now they're just adding to the huge pile of outdated and now actively security-dangerous advice about Linux out there on the net. -- Duncan - No HTML messages please; they are filtered as spam. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
