libtool
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .gitmodules security


From: Vincent Lefevre
Subject: Re: .gitmodules security
Date: Sun, 6 Feb 2022 21:26:30 +0100
User-agent: Mutt/2.1.5+134 (92686e5d) vl-138565 (2022-02-02)

On 2022-02-06 21:22:11 +0100, Vincent Lefevre wrote:
> The .gitmodules file contains:
> 
> [submodule "gnulib"]
>         path = gnulib
>         url = git://git.sv.gnu.org/gnulib.git
> [submodule "bootstrap"]
>         path = gl-mod/bootstrap
>         url = https://github.com/gnulib-modules/bootstrap.git
> 
> but AFAIK, there is no host authentication done with the "git:"
> protocol, so that this is vulnerable to MitM attacks.
> 
> How about changing this to https?

Additional details: i.e. https://git.savannah.gnu.org/git/gnulib.git
according to what is described on

  https://www.gnu.org/software/gnulib/

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]