On 27 May 2015 at 09:08, Wouter Verhelst <wou...@debian.org> wrote: > On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote: >> > While we're on the subject of git security...should we stop >> > recommending that non-account-holders use git:// (most efficient, but >> > insecure against MITM unless you manually check the commit number) in >> > preference to https:// (at least some security)? >> > https://wiki.debian.org/Alioth/Git#Accessing_repositories >> >> https:// is actually just as efficient as git:// these days (other than the >> minor overhead of TLS, which is worth it for security). > > Why? Which attack do you envision (other than the ridiculous "the NSA would > see > that we're pushing!", which they can by just doing a git clone too) that would > be thwarted by https but not by signed commits? >
It fails The Dissident Test, hence we should use https or ssh for cloning. And provide only those methods. Overall we should default to protect the privacy of DDs, contributors and our users. I was pondering for some time if we should add that to DFSG or maybe have a GR about it. -- Regards, Dimitri. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CANBHLUgejgSnwJbAh01gEeULyV6iEOQp=tc8jrfc+zd8czd...@mail.gmail.com
