Laurent Lyaudet wrote: > Bob Proulx a écrit : > > Naming of things is one of the great challenges. > > > > git.git.savannah.gnu.org > > https.git.savannah.gnu.org > > http.git.savannah.gnu.org > > gitweb.git.savannah.gnu.org > > cgit.git.savannah.gnu.org > > I understand you need to rationalize the naming. > But you can see it's not perfect. > Both gitweb.git.savannah.gnu.org > and https.git.savannah.gnu.org > needs to be consulted with https:// for example. > There is a mix between the protocol and the backend application.
All of the web browser URLs will be using https by default because that's what web browsers do these days. Plus there are HTTP Redirects which force the issue for those. The git clone URLs are using git-http-backend the git smart protocol. > Maybe > gitpgit.git.savannah.gnu.org > gitphttps.git.savannah.gnu.org > gitphttp.git.savannah.gnu.org > gitwebphttps.git.savannah.gnu.org > cgitphttps.git.savannah.gnu.org > would have been more coherent? Those are even worse! :-) > But I did laugh when writing it ;) XD. Yes. Things just get longer and uglier as more Hungarian Notation is applied to them. I think what we have is working pretty well. And I hate to thrash things by changing what is working. I think it is now too late to make changes based upon concepts of beauty. > Since git is an insult in slang, it makes a lot of insults, > quite like "Bettelejuice, beetlejuice, beetlejuice" ;) XD. Don't say it! We don't want to wake him. > > > and no security problem... > > > > Security problems? Please say more! > > Just to make someone think he's safe because he uses HTTPS, > and instead it is just HTTP, and someone makes a man in the middle > on the uncrypted dataflow in HTTP in the network, > and then people install, compile, execute compromised software > thinking it was secure free software coming from the FSF, etc. Every commit in git is a sha1 digest. If this introduces a security vulnerability then please debate that with upstream git not here. If you want to suggest using --object-format=sha256 that would be defendable. I admit I don't know the compatibility matrix there. Note that we intentionally maintain the http:// protocols for people behind restrictive firewalls which block https. They arguably need access to free software the most. > > git clone --depth=1 git://git.git.savannah.gnu.org/coreutils.git > That's when reading that line that I thought about Beetlejuice joke ;) XD And it is why I used that strategy because it is easy to see that they all line up. If things are mismatched at that point then they stand out as being mismatched. Bob
