[Savannah-hackers-public] [task #15922] Savannah project memberlists do not load (HTTP 500)

2021-03-24 Thread Leo Famulari
URL: Summary: Savannah project memberlists do not load (HTTP 500) Project: Savannah Administration Submitted by: lfam Submitted on: Wed 24 Mar 2021 07:23:42 PM UTC Should Start On: Wed

Re: [Savannah-hackers-public] VERY slow git response from Savannah

2018-02-21 Thread Leo Famulari
On Wed, Feb 21, 2018 at 12:45:24PM -0700, Bob Proulx wrote: > arn...@skeeve.com wrote: > > I would have thought most people would do 'git pull' instead of 'git clone' > > and that pulling wouldn't be quite as intensive, but who knows... > > I think that these days most people do not keep

Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell)

2017-06-07 Thread Leo Famulari
On Wed, Jun 07, 2017 at 09:54:54PM +, Assaf Gordon wrote: > Hello > > On Wed, Jun 07, 2017 at 04:39:59PM -0400, Leo Famulari wrote: > > > CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users > > to bypass authentication restrictions in git-shell

[Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell)

2017-06-07 Thread Leo Famulari
Dear Savannah, CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users to bypass authentication restrictions in git-shell and possibly have other impacts. This bug was fixed in upstream Git maintenance releases Git v2.4.12, v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3,

Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"

2017-03-15 Thread Leo Famulari
On Wed, Mar 15, 2017 at 11:26:16AM -0400, Assaf Gordon wrote: > There is an on-going discussion about forcing HTTPS everywhere on savannah. I think that would be a good thing. > Can you provide a specific example of a URL you can access in HTTP, > and it allows you to make changes (I don't doubt

Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"

2017-03-14 Thread Leo Famulari
On Tue, Mar 14, 2017 at 03:59:18PM -0400, Leo Famulari wrote: > The Savannah login page includes a checkbox that reads "Stay in secure > (https) mode after login". > > Just to see what would happen, I logged in with this box unchecked. I > ended up at <https://sa

[Savannah-hackers-public] "Stay in secure (https) mode after login"

2017-03-14 Thread Leo Famulari
The Savannah login page includes a checkbox that reads "Stay in secure (https) mode after login". Just to see what would happen, I logged in with this box unchecked. I ended up at . I couldn't convince Savannah and my browsers to log me in to .

Re: [Savannah-hackers-public] vcs0 disk filling up, /var/cache/cgit again

2017-03-13 Thread Leo Famulari
On Mon, Mar 13, 2017 at 11:35:30AM -0600, Bob Proulx wrote: > I am also seeing a lot of cgit snapshot activity. Across all of the > projects. Here is one example. > > [13/Mar/2017:12:34:45 -0400] "GET /cgit/guix.git/snapshot/master.tar.gz > HTTP/1.1" 200 11642975 "-" "GNU Guile" This is

[Savannah-hackers-public] Downstream questions about Savannah and HTTPS

2017-02-11 Thread Leo Famulari
GNU Guix is discussing the possibilities created by Savannah's offering of Git-over-HTTPS: http://lists.gnu.org/archive/html/guix-devel/2017-02/msg00386.html If anyone from Savannah has anything to add to the discussion, feel free to jump in :)

Re: [Savannah-hackers-public] git status update

2017-02-07 Thread Leo Famulari
On Tue, Feb 07, 2017 at 02:04:30PM -0700, Bob Proulx wrote: > I switched git dns over to the new server (again) this morning. > Trying not to thrash the IP address for git+ssh users too often. > Everything git core command specific looks okay for my testing. I pushed a commit to

Re: [Savannah-hackers-public] git over https

2017-02-07 Thread Leo Famulari
On Tue, Feb 07, 2017 at 03:18:32PM -0700, Bob Proulx wrote: > Leo Famulari wrote: > > I bet that most of them use the unauthenticated HTTP or Git protocols > > and are vulnerable to man-in-the-middle attacks and eavesdropping. > > Certainly it is vulnerable to easedropping

Re: [Savannah-hackers-public] git over https

2017-02-07 Thread Leo Famulari
On Tue, Feb 07, 2017 at 02:29:36PM -0500, Paul Smith wrote: > I'm not asking for _authenticated_ HTTPS support, just anonymous access > over HTTPS.  More straightforwardly, I'm looking for HTTPS as an > alternative to our current HTTP support, not an alternative to our > current SSH support. I'd

Re: [Savannah-hackers-public] Serving Git over HTTPS

2016-11-25 Thread Leo Famulari
On Wed, Nov 23, 2016 at 02:30:54AM -0700, Bob Proulx wrote: > Leo Famulari wrote: > > I wonder, is it technically feasible to serve > > <http://git.savannah.gnu.org> over HTTPS? > > > > That would give anonymous users privacy and some measure of authenticity

[Savannah-hackers-public] Serving Git over HTTPS

2016-11-13 Thread Leo Famulari
Greetings throughout the sunny Savannah! I wonder, is it technically feasible to serve over HTTPS? That would give anonymous users privacy and some measure of authenticity when fetching the source code of hosted projects. signature.asc Description: PGP signature