Andreas Schwab <> writes:

> Sergey Sharybin <> writes:
>> So guess we just need to recommend using https:// protocol instead of
>> git:// for our users?
> Given how easy it is to verify the integrity of a git repository out of
> band there isn't really much of added security by using TLS for
> transport.

You can verify integrity after the fact, but not guarantee
confidentiality ... so it again depends on the definition of "security".

Matthieu Moy
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to