On 22/02/16 20:50, Joe Anakata wrote:
On 22/02/16 19:16, Jason A. Donenfeld wrote:
Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
the plaintext git:// endpoint for cloning.
Ferry Huberts Proclaimed Thus:
Yes, why?
What's the point?
The repos are public, so cloning them over https bring nothing, except
extra overhead and server load.
While pretty unlikely, in theory someone could MITM a git:// clone and
send the user a hax0red branch of cgit with integrated botnet which
the user then compiles and installs on their server.
That is a pretty unlikely and sophisticated attack vector, for
admittedly little gain. Someone with an existing clone can immediately
see that thing are off.
It is a vector though, so if you really want to defend against it, then
just ignore my comments ;-)
Not sure if the extra server load is worth it to defend against this
case or not. (Also, presumably the server is using the cgit smart http
endpoint so https clone is not much additional DATA, just the ssl
handshake; but definitely additional cpu for crypto operations.)
Thanks
-Joe
_______________________________________________
CGit mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/cgit
--
Ferry Huberts
_______________________________________________
CGit mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/cgit
