[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .gitmodules security

From: Alex Ameen
Subject: Re: .gitmodules security
Date: Sun, 6 Feb 2022 14:59:00 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0

Hey, I can't claim to be an expert about this category of vulnerability; but I appreciate you raising this concern.

So is your recommendation to use instead of git://

On 2/6/22 2:26 PM, Vincent Lefevre wrote:
On 2022-02-06 21:22:11 +0100, Vincent Lefevre wrote:
The .gitmodules file contains:

[submodule "gnulib"]
         path = gnulib
         url = git://
[submodule "bootstrap"]
         path = gl-mod/bootstrap
         url =

but AFAIK, there is no host authentication done with the "git:"
protocol, so that this is vulnerable to MitM attacks.

How about changing this to https?
Additional details: i.e.
according to what is described on

reply via email to

[Prev in Thread] Current Thread [Next in Thread]