Fraser Tweedale wrote:
> --- a/Documentation/urls.txt
> +++ b/Documentation/urls.txt
> @@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for
> and pushing, but these are inefficient and deprecated; do not use
> +The git transport does not do any authentication and should be used
> +with caution on unsecured networks.
How about the something like the following? I'm starting to think it
would make more sense to add a SECURITY section to git-clone(1),
-- >8 --
Subject: doc: clarify git:// transport security notice
The recently added warning about the git protocol's lack of
authentication does not make it clear that the protocol lacks both
client and server authentication. The lack of non IP-based client
auth is obvious (when does user enter her credentials?), while the
lack of authentication of the server is less so, so emphasize it.
Put the warning in context by making an analogy to HTTP's security
properties as compared to HTTPS.
Signed-off-by: Jonathan Nieder <jrnie...@gmail.com>
diff --git a/Documentation/urls.txt b/Documentation/urls.txt
index 9ccb246..bd0058f 100644
@@ -11,8 +11,8 @@ and ftps can be used for fetching and rsync can be used for
and pushing, but these are inefficient and deprecated; do not use
-The native transport (i.e. git:// URL) does no authentication and
-should be used with caution on unsecured networks.
+Like HTTP, the native protocol (used for git:// URLs) does no server
+authentication and should be used with caution on unsecured networks.
The following syntaxes may be used with them:
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html