On 22/02/16 02:50 PM, Joe Anakata wrote:
Yes, why?
What's the point?
The repos are public, so cloning them over https bring nothing, except
extra overhead and server load.
While pretty unlikely, in theory someone could MITM a git:// clone and
send the user a hax0red branch of cgit with integrated botnet which
the user then compiles and installs on their server.
Everything is possible "in theory" ... But folks really need to stop
thinking that https is the impenetrable solution to everything.
_______________________________________________
CGit mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/cgit
