[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
.gitmodules security
From: |
Vincent Lefevre |
Subject: |
.gitmodules security |
Date: |
Sun, 6 Feb 2022 21:22:11 +0100 |
User-agent: |
Mutt/2.1.5+134 (92686e5d) vl-138565 (2022-02-02) |
The .gitmodules file contains:
[submodule "gnulib"]
path = gnulib
url = git://git.sv.gnu.org/gnulib.git
[submodule "bootstrap"]
path = gl-mod/bootstrap
url = https://github.com/gnulib-modules/bootstrap.git
but AFAIK, there is no host authentication done with the "git:"
protocol, so that this is vulnerable to MitM attacks.
How about changing this to https?
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
- .gitmodules security,
Vincent Lefevre <=
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Alex Ameen, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Mike Frysinger, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Mike Frysinger, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/07
- Re: .gitmodules security, Mike Frysinger, 2022/02/07
- Re: .gitmodules security, Vincent Lefevre, 2022/02/07
- Re: .gitmodules security, Mike Frysinger, 2022/02/11