Ihor Radchenko wrote:
> Bob Proulx writes:
> > But that URL is not one to be seen by humans though so it should not
> > be a problem for humans to sort out. That's the URL for git clients.
> > And git clients being computer programs are never surprised as such by
> > what they use or find there.
>
> Oh, no. That *is* seen by humans. We need to give it for git clone
> instructions. As a result, for example, it is staring right at the users
> at https://orgmode.org/. Some users are confused.
This is talking about this line on that page:
git clone https://https.git.savannah.nongnu.org/git/org-mode.git
That's staring at users in the git clone command. That is not staring
at users in the web browser location bar. Those are two completely
different things.
Also one of the good reasons to have it be "https" in both places is
because it is easy to match them up. "http" matches with "http",
"https" matches with "https".
The right hand side /git part matches the legacy singleton primary
server where that might have been /git, /gitweb, /cgit, and so on when
on the same hostname it needs the path to differentiate. That was
preserved because it just seemed too confusing to have a different
path part than what we have been using for decades.
It would be possible to detect most typical web browsers and redirect
them to a different landing page when we find humans trying to use
those URLs rather than programs. It didn't seem necessary. And this
then allows people to see the public parts of the raw git repositories
such as the config file and the hooks that are in place. Didn't see a
need to prevent that from happening. It's all public information. We
only host Free Software projects.
> > git.git.savannah.gnu.org
> > https.git.savannah.gnu.org
> > http.git.savannah.gnu.org
> > gitweb.git.savannah.gnu.org
> > cgit.git.savannah.gnu.org
> What about simply mirror.git.savannah.gnu.org?
That would recreate almost the same problem we have today by funneling
all of those services together into one URL all over again.
Take the case that often occurs that we have a botnet that decides to
destroy cgit and hammers cgit to oblivion. If they are all under the
same URL mirror.git.savannah.gnu.org then if ANY of them get DDOS'd
then ALL of them get DDOS'd. That's what we are trying to avoid.
With the split of services to different hostnames allowing us to use
different hosts at different IP addresses we can keep git, https,
http, gitweb up and online by diverting the attack against cgit away
from those other services keeping them online.
This is turning into a good Q&A session! :-)
Bob
