Laszlo Gaal has posted comments on this change. ( http://gerrit.cloudera.org:8080/12303 )

Change subject: Use git:// protocol to clone kudu
......................................................................

Patch Set 2:

> Patch Set 2:
>
> I'm not too up-to-speed with the pros and cons of different git protocols. I
> understand git:// has some security limitations.
>
> I believe all of the platforms that build Kudu can connect to github over ssh.

Yes, git:// is unauthenticated, so it can be subject to a man-in-the-middle attack.

The problem with SSH is not a protocol problem, it's an authentication problem: SSH wants to perform mutual authN, so you need to supply a key. In our internal automation framework all the build workers came equipped with an old, legacy private key that was recognized by github.com, so things "just worked". This key was recently disabled, and it would be much better if we did not have to supply another key just to keep the build process going.

HTTPS would solve the server authN/MITM problem once we figure out the SSL versions we need to run. Until that happens git:// would be a workable option as long as we ensure that our binary publishing builds run off of internal mirrors.

--
To view, visit http://gerrit.cloudera.org:8080/12303
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I60eaff3f38d9659ed79693b93e9232a97a1d5d9e
Gerrit-Change-Number: 12303
Gerrit-PatchSet: 2
Gerrit-Owner: [email protected] <[email protected]>
Gerrit-Reviewer: Laszlo Gaal <[email protected]>
Gerrit-Reviewer: Tim Armstrong <[email protected]>
Gerrit-Comment-Date: Fri, 08 Feb 2019 13:41:08 +0000
Gerrit-HasComments: No
