Re: Notice of upcoming changes to the behaviour of the anongit network

2020-04-11 Thread Michael Pyne
On Sat, Apr 11, 2020 at 10:14:38PM +1200, Ben Cooksley wrote:
> Hi all,
> 
> As part of the preparations for the move to Gitlab, and the rewrite of
> our anongit tooling, one of the things we have looked into is how the
> anongit network in general operates.
> 
> As part of this, it has been observed that the git:// protocol is
> unencrypted, and thus vulnerable to intercept and manipulation by
> hostile actors.
> 
> We have therefore decided that support for the git:// protocol to
> access KDE Git repositories will cease following our migration to
> Gitlab.
> 
> Going forward, all anonymous access should take place instead over
> https, which is encrypted, and has the added benefit of offering
> support for redirects (should those be needed).

For kdesrc-build users, as Johan Ouwerkerk noted on the other Gitlab
thread, kdesrc-build since January 2020 has already switched over to
using https for KDE-based source repositories in anticipation of this
change. Thanks to Ben and the sysadmin team for coordinating ahead of
time on this; it's allowed us to have it deployed for 3 months now and
we haven't heard of any breakage as a result of this change.

One important note is that if you have any git repositories that you
have manually checked out using KDE's anongit, you may need to either
manually adjust it to use a https:// git remote (if it uses git:// now),
or adjust it to use a kde: remote (as explained at
https://community.kde.org/Sysadmin/GitKdeOrgManual#Let_Git_rewrite_URL_prefixes).
kdesrc-build configures git to understand this "kde:" prefix by default.

Regards,
 - Michael Pyne
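
The manual adjustment described in the message above, as an added example (not part of the original message and not kdesrc-build code): a script that finds checkouts whose remotes still use git:// and points them at https:// instead. It assumes the server offers the same repository path over https; the host `anongit.example.org` is a constructed placeholder.

```shell
#!/bin/sh
# Added example: switch remotes from unencrypted git:// to https://.
# Assumption: the same host and path are served over https.
# Usage: DRY_RUN=1 sh fix-remotes.sh ~/src   (report only)
#        sh fix-remotes.sh ~/src             (rewrite)

# Rewrite a single URL. Anything that is not git:// passes through
# unchanged (https://, ssh, or a "kde:" style prefix). An explicit
# default git port (9418) is dropped because it is not an https port.
to_https() {
    case "$1" in
        git://*)
            printf '%s\n' "$1" | sed \
                -e 's|^git://|https://|' \
                -e 's|^\(https://[^/:]*\):9418/|\1/|' \
                -e 's|^\(https://[^/:]*\):9418$|\1|'
            ;;
        *)
            printf '%s\n' "$1"
            ;;
    esac
}

# Update the URL of every git:// remote in one repository.
# Prints one line per remote that needs changing.
fix_repo() {
    repo=$1
    git -C "$repo" remote | while read -r name; do
        old=$(git -C "$repo" remote get-url "$name") || continue
        new=$(to_https "$old")
        [ "$old" = "$new" ] && continue
        echo "$repo: $name: $old -> $new"
        [ "${DRY_RUN:-0}" = 1 ] || git -C "$repo" remote set-url "$name" "$new"
    done
}

# Walk a directory tree and process every working copy found under it.
fix_tree() {
    find "$1" -type d -name .git -prune | while read -r gitdir; do
        fix_repo "$(dirname "$gitdir")"
    done
}

if [ $# -gt 0 ]; then
    fix_tree "$1"
fi
```

Run it with `DRY_RUN=1` first to review the list of affected remotes, then run `git fetch` in a changed checkout to confirm the https URL works.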


Notice of upcoming changes to the behaviour of the anongit network

2020-04-11 Thread Ben Cooksley
Hi all,

As part of the preparations for the move to Gitlab, and the rewrite of
our anongit tooling, one of the things we have looked into is how the
anongit network in general operates.

As part of this, it has been observed that the git:// protocol is
unencrypted, and thus vulnerable to intercept and manipulation by
hostile actors.

We have therefore decided that support for the git:// protocol to
access KDE Git repositories will cease following our migration to
Gitlab.

Going forward, all anonymous access should take place instead over
https, which is encrypted, and has the added benefit of offering
support for redirects (should those be needed).

Should anyone have any questions regarding this, please let us know.

Thanks,
Ben Cooksley
KDE Sysadmin