[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Use https:// instead of git://.
|
From: |
Simon Josefsson |
|
Subject: |
Re: [PATCH] Use https:// instead of git://. |
|
Date: |
Sun, 10 Jan 2021 11:34:14 +0100 |
Bruno Haible <bruno@clisp.org> writes:
> Hi Simon,
>
> Can you briefly say, why, please? Is the 'git' protocol unsecure?
> Is it a problem specifically with Savannah? Or what else?
Sorry I should have included this -- I thought it was well-known.
The man page for git-clone https://git-scm.com/docs/git-clone says:
The native transport (i.e. git:// URL) does no authentication and
should be used with caution on unsecured networks.
Savannah appears to have changed default occurances of git:// to
https:// these days. GitLab and GitHub changed their default offerings
for anonymous checkouts long time ago.
There is no problem with git:// if you know what you are doing, as with
everything, but the same can be said for http:// and ftp://, and
apparently the consensus over time is to move to https:// by default for
everything.
> Also:
>
>> -# url = git://git.savannah.gnu.org/gnulib.git
>> +# url = https://git.savannah.gnu.org/git/gnulib.git gnulib
>
> Is this syntactically right?
Thank you -- that was not intentional. I have fixed this, see
attachment.
Jeffrey Walton <noloader@gmail.com> writes:
> This may cause trouble for some of the machines on the compile farm.
>
> The problem is, Git is old and cacerts are beyond their shelf life.
> Trying to checkout with https:// fails. The CFarm admins tell users to
> checkout using git:// instead.
It is fine to use the old variant if you want to, but my point is that
the new default should be https:// going forward. Maybe we can see if
the change causes any problems, and what they are? Let us know if you
notice any change -- the majority of gnulib already uses https:// URLs
for git repositories.
/Simon
From 411da821020a5f3e8ae592fd396854af2d8de046 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Sun, 10 Jan 2021 11:28:31 +0100
Subject: [PATCH] Correct preceeding change.
* top/gitsub.sh: Update link.
---
ChangeLog | 5 +++++
top/gitsub.sh | 4 ++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index bc2e033c8..a5bf3ec78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2021-01-10 Simon Josefsson <simon@josefsson.org>
+
+ Correct preceeding change.
+ * top/gitsub.sh: Update link.
+
2021-01-09 Bruno Haible <bruno@clisp.org>
immutable: Add tests.
diff --git a/top/gitsub.sh b/top/gitsub.sh
index de6cb828e..b0be2e1a7 100755
--- a/top/gitsub.sh
+++ b/top/gitsub.sh
@@ -64,13 +64,13 @@
#
# You don't add this piece of configuration to .gitmodules manually.
Instead,
# you would invoke
-# $ git submodule add --name "gnulib" --
https://git.savannah.gnu.org/git/gnulib.git
+# $ git submodule add --name "gnulib" --
https://git.savannah.gnu.org/git/gnulib.git gnulib
#
# * The subdirectories that are not git submodules, in a similar syntax. For
# example:
#
# [subcheckout "gnulib"]
-# url = https://git.savannah.gnu.org/git/gnulib.git gnulib
+# url = https://git.savannah.gnu.org/git/gnulib.git
# path = gnulib
#
# Here the URL is the one used for anonymous checkouts of the dependency
--
2.20.1
signature.asc
Description: PGP signature
Re: [PATCH] Use https:// instead of git://., Jeffrey Walton, 2021/01/09