[Clo-devel] HTTPS

Frank fau at riseup.net
Wed Jan 28 09:11:20 UTC 2015


Hello,

First, I'm not an expert in the following matter, so please correct me if
I'm wrong here! But my concern is that without HTTPS enabled for git, a
man-in-the-middle attack would be possible.

As far as I understand cloning a git repo is atm only possible via
standard git protocol (e.g. git clone
git://common-lisp.net/projects/alexandria/alexandria.git) and I believe
the git protocol is not secured.  See
https://gist.github.com/grawity/4392747.

What is the greatest software in the world good for if you can't distribute
it securely?


On Wed, 2015-01-28 at 09:14 +0100, Mario S. Mommer wrote:
> Hi,
> 
> if I understood correctly, the issue is that although the repositories
> are public, it is still nobody's business what one does download.
> 
> We need a proper key setup anyway, which implies buying an ssl
> certificate. I'll look into this.
> 
> Once we have the cert, it is just a matter of enabling https, and
> public repos can be checked out or cloned in a secure manner.
> 
> Regards,
> 	Mario
> 
> On Tue, 27 Jan 2015 23:06:56 +0100
> Erik Huelsmann <ehuels at gmail.com> wrote:
> > Hi Frank,
> > 
> > On Tue, Jan 27, 2015 at 10:29 PM, Frank <fau at riseup.net> wrote:
> > 
> > > Have you made any progress regarding https access via git?
> > >
> > 
> > Hi! Thanks for sending a follow-up. Actually, reading Mario's
> > response, I was under the impression that we were waiting for a
> > response to Mario's mail: From Mario's mail I read that there are
> > some doubts as to what that would add? In other words: why do you
> > want https, given that the code you'll be cloning is public code
> > anyway?
> > 
> > 
> > Regards,
> > 
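
An added example, not part of the original thread: a shell check that flags git remotes using a transport with no server authentication or integrity protection, such as the git:// URL quoted above. The function names and the example.org remotes are constructed for illustration; https is counted as authenticated on the assumption that certificate verification is left enabled.

```shell
#!/bin/sh
# Classify a git remote URL by the security of its transport.
classify_git_url() {
    case "$1" in
        git://*|http://*|ftp://*) echo unauthenticated; return ;;
        https://*|ssh://*|ftps://*) echo authenticated; return ;;
        file://*) echo local; return ;;
        *://*) echo unknown; return ;;
    esac
    case "$1" in
        *:*) ;;                       # may be scp-like syntax, check below
        *) echo local; return ;;      # plain filesystem path
    esac
    # host:path is ssh unless a slash appears before the first colon.
    case "${1%%:*}" in
        */*) echo local ;;
        *) echo authenticated ;;
    esac
}

# Read `git remote -v` output on stdin; print the unauthenticated entries.
audit_remotes() {
    while read -r name url kind; do
        [ -n "$url" ] || continue
        if [ "$(classify_git_url "$url")" = "unauthenticated" ]; then
            printf '%s %s %s\n' "$name" "$url" "$kind"
        fi
    done
}

# Constructed sample in `git remote -v` format (only the first URL is from the thread).
sample_remotes() {
    printf 'origin\tgit://common-lisp.net/projects/alexandria/alexandria.git (fetch)\n'
    printf 'origin\tgit://common-lisp.net/projects/alexandria/alexandria.git (push)\n'
    printf 'mirror\thttps://example.org/alexandria.git (fetch)\n'
    printf 'backup\tgit@example.org:lisp/alexandria.git (fetch)\n'
}

sample_remotes | audit_remotes
```

Inside a real checkout, run `git remote -v | audit_remotes` instead of the sample.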
