On Fri, 27 Dec 2013 19:58:19 +0600
Sergey Sharybin <sergey....@gmail.com> wrote:

> > Yes, but it will only be secure if you've managed to verify the
> > server's certificate and do trust its issuer (or a CA higher up the
> > cert's trust chain) -- people tend to confuse "encrypted" with
> > "secure" which is not at all the same thing.
> We've got CA-signed certificate atm and it's about to be also
> EV-signed for our server (git.blender.org). So this is not gonna to be
> an issue. Cloning over https:// works fine, but we wanted to be sure
> all the bits are secure.

This setup sounds to be just the right thing.

> So guess we just need to recommend using https:// protocol instead of
> git:// for our users?

I think yes.  HTTP[S] once was dumb and slow but now it should be
comparable in speed to git:// as essentially using this protocol (which
became "smart" [1]) means spawning a git server process once per fetch/push
session and making the client and server Git processes communicate all by
themselves, so HTTP is there for request routing, authentication and
session setup while data transfer is carried out by Git processes
themselves [2].

1. http://git-scm.com/blog/2010/03/04/smart-http.html
2. https://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to