On 2022-02-06 21:22:11 +0100, Vincent Lefevre wrote:
> The .gitmodules file contains:
> 
> [submodule "gnulib"]
>         path = gnulib
>         url = git://git.sv.gnu.org/gnulib.git
> [submodule "bootstrap"]
>         path = gl-mod/bootstrap
>         url = https://github.com/gnulib-modules/bootstrap.git
> 
> but AFAIK, there is no host authentication done with the "git:"
> protocol, so that this is vulnerable to MitM attacks.
> 
> How about changing this to https?

Additional details: i.e. https://git.savannah.gnu.org/git/gnulib.git
according to what is described on

  https://www.gnu.org/software/gnulib/

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
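
An added example, not part of the original message: a POSIX shell check that flags submodule URLs in a `.gitmodules` file which use a transport without server authentication, with the file contents quoted above as sample input. The function names, and treating plain `http://` the same as `git://`, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message).
# Usage after sourcing: audit_gitmodules .gitmodules
# Fix for a flagged entry, using the https URL given in the message:
#   git config -f .gitmodules submodule.gnulib.url \
#       https://git.savannah.gnu.org/git/gnulib.git
#   git submodule sync

# Print "name<TAB>url" for every submodule whose URL uses git:// or http://
# (no server authentication). Returns 1 if any were found, else 0.
audit_gitmodules() {
    awk '
        # [submodule "name"] opens a submodule section.
        /^[ \t]*\[submodule[ \t]+"/ {
            name = $0
            sub(/^[^"]*"/, "", name)
            sub(/".*$/, "", name)
            next
        }
        # Any other section header closes it.
        /^[ \t]*\[/ { name = ""; next }
        # Key names are case-insensitive in git config files.
        name != "" && tolower($0) ~ /^[ \t]*url[ \t]*=/ {
            url = $0
            sub(/^[^=]*=[ \t]*/, "", url)
            sub(/[ \t]+$/, "", url)
            if (tolower(url) ~ /^(git|http):\/\//) {
                printf "%s\t%s\n", name, url
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Sample input: the .gitmodules contents quoted in the message.
sample_gitmodules() {
    cat <<'EOF'
[submodule "gnulib"]
        path = gnulib
        url = git://git.sv.gnu.org/gnulib.git
[submodule "bootstrap"]
        path = gl-mod/bootstrap
        url = https://github.com/gnulib-modules/bootstrap.git
EOF
}
```

The non-zero return status lets the check gate a CI job or a pre-commit hook.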
