On Fri, Dec 27, 2013 at 7:36 PM, Konstantin Khomoutov
<flatw...@users.sourceforge.net> wrote:
> The Git protocol does not implement it itself but you can channel it
> over a TLS tunnel (via stunnel for instance).  Unfortunately, this
> means a specialized software and setup on both ends so if the question
> was about a general client using stock Git then the answer is no, it's
> impossible.

Ok, got it.

> Yes, but it will only be secure if you've managed to verify the
> server's certificate and do trust its issuer (or a CA higher up the
> cert's trust chain) -- people tend to confuse "encrypted" with
> "secure" which is not at all the same thing.

We've got CA-signed certificate atm and it's about to be also
EV-signed for our server (git.blender.org). So this is not gonna to be
an issue. Cloning over https:// works fine, but we wanted to be sure
all the bits are secure.

So guess we just need to recommend using https:// protocol instead of
git:// for our users?

With best regards, Sergey Sharybin
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to