On Fri, 25 Aug 2017 17:46:01 +0200 Hanno Böck wrote:
> On Wed, 23 Aug 2017 11:46:02 +0300
> Andrew Savchenko wrote:
>
> > Sigh... https also makes MITM attacks possible, especially if SSL
> > or TLS < 1.2 is used or are allowed and protocol version downgrade
> > attack may be performed.
>
> None
On Fri, 25 Aug 2017 15:51:25 +0200 Michał Górny wrote:
> W dniu śro, 23.08.2017 o godzinie 11∶46 +0300, użytkownik Andrew
> Savchenko napisał:
> > On Sat, 19 Aug 2017 10:25:02 +0200 Michał Górny wrote:
> > > Explicitly warn about any URI that uses an unsecure protocol (git, http)
> > > even if it's
On Wed, 23 Aug 2017 11:46:02 +0300
Andrew Savchenko wrote:
> Sigh... https also makes MITM attacks possible, especially if SSL
> or TLS < 1.2 is used or are allowed and protocol version downgrade
> attack may be performed.
None of that is true.
You're probably referring to attacks that were spe
W dniu śro, 23.08.2017 o godzinie 11∶46 +0300, użytkownik Andrew
Savchenko napisał:
> On Sat, 19 Aug 2017 10:25:02 +0200 Michał Górny wrote:
> > Explicitly warn about any URI that uses an unsecure protocol (git, http)
> > even if it's a fallback URI. This is necessary because an attacker may
> > bl
On Sat, 19 Aug 2017 10:25:02 +0200 Michał Górny wrote:
> Explicitly warn about any URI that uses an unsecure protocol (git, http)
> even if it's a fallback URI. This is necessary because an attacker may
> block HTTPS connections, effectively forcing the fallback to
> the unsecure protocol.
[...]
>
Explicitly warn about any URI that uses an unsecure protocol (git, http)
even if it's a fallback URI. This is necessary because an attacker may
block HTTPS connections, effectively forcing the fallback to
the unsecure protocol.
---
eclass/git-r3.eclass | 11 ++-
1 file changed, 10 insertio