On Sun, 29 Mar 2015 23:35:54 +0600
"Vadim A. Misbakh-Soloviov" wrote:
> Despite of all you're talking about is right from paranoid point of
> view, I'd, anyway, say "DO NOT DO THAT", because you propose to
> revoke the right of choice from the users.
A "right of choice" from the user only makes
On Sun, Mar 29, 2015 at 1:52 PM, Sebastian Pipping wrote:
> On 29.03.2015 19:39, Andrew Savchenko wrote:
>> On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
>>> So I would like to propose that
>>>
>>> * support for Git access through https:// is activated,
>>>
>>> * Git access through h
> GitHub does not support git:// but only secure protocols (HTTPS, SSH),
GitHub DO (!) support git://
$ git clone git://github.com/msva/mva-overlay.git
Cloning into 'mva-overlay'...
remote: Counting objects: 10435, done.
remote: Compressing objects: 100% (41/41), done.
remote: Total 10435 (delta 1
> OpenPGP (GPG is just one implementation), but indeed,
> that is what the gentoo-keys project is about. There is experimental
> support for OpenPGP verification in portage already using gkeys.
> Currently the focus is on getting developer's keys up to GLEP63 specs,
> i currently see 36 good Gentoo
> Doesn't git:// uses SSH wich is secure? I think that was on github.
git+ssh:// — does. git:// — does not. It is just git-daemon listening on
separate port and serving plaintext, readonly (by default) access.
signature.asc
Description: This is a digitally signed message part.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/29/2015 06:41 PM, Sebastian Pipping wrote:
> Hi!
>
...
>
> * Why do we serve Git over git:// and http:// if those are
> vulnerable to man-in-the-middle attacks (before having waterproof
> GPG protection for whole repositories in place)?
Op
>
> They would not do online banking over http, right? Why would they run
> code with root privileges from http?
1) Actually, they will :(
2) Because they can't review what bank received via insecure channel, while
they can review what they're themselves received via http/git.
--
Best regards
On Sun, 29 Mar 2015 19:52:38 +0200 Sebastian Pipping wrote:
> On 29.03.2015 19:39, Andrew Savchenko wrote:
> > On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
> >> So I would like to propose that
> >>
> >> * support for Git access through https:// is activated,
> >>
> >> * Git access
On 29.03.2015 19:56, Diamond wrote:
> Doesn't git:// uses SSH wich is secure? I think that was on github.
git:// is "the git protocol" [1] "with absolutely no authentication" and
no encryption.
GitHub does not support git:// but only secure protocols (HTTPS, SSH),
see [2].
Best,
Sebastian
[
On Sun, 29 Mar 2015 18:41:33 +0200
Sebastian Pipping wrote:
> Hi!
>
>
> For the current Gentoo Git setup I found these methods working for
> accessing a repository, betagarden in this case:
>
> git://anongit.gentoo.org/proj/betagarden.git
> (git://git.gentoo.org/proj/betagarden.git)
> (git
On 29.03.2015 19:39, Andrew Savchenko wrote:
> On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
>> So I would like to propose that
>>
>> * support for Git access through https:// is activated,
>>
>> * Git access through http:// and git:// is deactivated, and
>
> Some people have https
On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote:
> So I would like to propose that
>
> * support for Git access through https:// is activated,
>
> * Git access through http:// and git:// is deactivated, and
Some people have https blocked. http:// and git:// must be
available read-on
Despite of all you're talking about is right from paranoid point of view, I'd,
anyway, say "DO NOT DO THAT", because you propose to revoke the right of
choice from the users.
It is user's decision, which protocol to use to fetch the sources. Although,
you're, of course, free to make layman to f
Hi!
For the current Gentoo Git setup I found these methods working for
accessing a repository, betagarden in this case:
git://anongit.gentoo.org/proj/betagarden.git
(git://git.gentoo.org/proj/betagarden.git)
(git://git.overlays.gentoo.org/proj/betagarden.git)
http://anongit.gentoo.org/git
14 matches
Mail list logo