Security in this case is about being sure everyone gets exactly the
same repository as stored on the server, without any modifications to
the sources cased by MITM.
As for "smart" http, this seems pretty much cool.However, we're
currently using lighthttpd, so it might be an issue. We'll check on
whether "smart" http is used there, and if not guess it wouldn't be a
big deal to switch to apache.
On Fri, Dec 27, 2013 at 8:20 PM, Matthieu Moy
> Andreas Schwab <sch...@linux-m68k.org> writes:
>> Sergey Sharybin <sergey....@gmail.com> writes:
>>> So guess we just need to recommend using https:// protocol instead of
>>> git:// for our users?
>> Given how easy it is to verify the integrity of a git repository out of
>> band there isn't really much of added security by using TLS for
> You can verify integrity after the fact, but not guarantee
> confidentiality ... so it again depends on the definition of "security".
> Matthieu Moy
With best regards, Sergey Sharybin
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html