On Sun, Mar 29, 2015 at 1:52 PM, Sebastian Pipping <sp...@gentoo.org> wrote: > On 29.03.2015 19:39, Andrew Savchenko wrote: >> On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote: >>> So I would like to propose that >>> >>> * support for Git access through https:// is activated, >>> >>> * Git access through http:// and git:// is deactivated, and >> >> Some people have https blocked. http:// and git:// must be >> available read-only. > > They would not do online banking over http, right? Why would they run > code with root privileges from http? >
I don't see the point in disabling it. Certainly we should support ssl though. If people want to obtain their code over http they should be permitted to do so. Even without using ssl it is easy to just check that your commit hash is correct and it becomes as tamper-proof as sha1 (tell me again why the scm of the future is still using sha1?). -- Rich