Strange, I've responded to this item on the website interface,
but have not seen an email sent to the mailing list (or on the mailing list
website at
http://lists.gnu.org/archive/html/savannah-hackers-public/2014-09/index.html ).
http://savannah.gnu.org/task/?13333
In any case, my response is attached below.
On 09/26/2014 12:39 PM, anonymous wrote:
Details:
https://savannah.gnu.org/maintenance/UsingGit/ recommends the git: protocol,
with http and a fallback when that port is blocked.
Neither of the protocols offers for read-only access support encryption or
server authentication. This leaves visitors vulnerable to mitm code injection
and passive surveillance.
Please ad https support, and recommend it over the git protocol.
Hello,
Since this was posted anonymously, I do not thing a discussion will result.
But for future reference, here are some relevant items:
1. A similar previous request:
https://savannah.gnu.org/support/?108556
2. A relevant discussion on the GIT mailing list:
Subject: "git:// protocol over SSL/TLS"
http://marc.info/?l=git&m=138814914720394&w=2
3. A comment by Andreas Schwab, saying:
"Given how easy it is to verify the integrity of a git repository out of band there
isn't really much of added security by using TLS for transport."
http://marc.info/?l=git&m=138815353821210&w=2
As such, I'm closing this item.
- Assaf
