On 10/31/18 3:43 AM, Stefan Hajnoczi wrote:
When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks. HTTPS is more secure
since the client verifies the server certificate.
Reported-by: Jann Horn <ja...@google.com>
Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
---
MAINTAINERS | 74 ++++++++++++++++++++++++++---------------------------
1 file changed, 37 insertions(+), 37 deletions(-)
We should also do the same for maintainers using git://repo.or.cz:
$ wget -S 'https://repo.or.cz/qemu/ericb.git/info/refs?service=git-upload-pack' 2>&1 | grep Content-Type
Content-Type: application/x-git-upload-pack-advertisement
For example, my entry would benefit from:
diff --git i/MAINTAINERS w/MAINTAINERS
index 3275cc6bbed..b4b6a5b5df1 100644
--- i/MAINTAINERS
+++ w/MAINTAINERS
@@ -2049,7 +2049,7 @@ F: include/block/nbd*
F: qemu-nbd.*
F: blockdev-nbd.c
F: docs/interop/nbd.txt
-T: git git://repo.or.cz/qemu/ericb.git nbd
+T: git https://repo.or.cz/qemu/ericb.git nbd
NFS
M: Jeff Cody <jc...@redhat.com>
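Review bot: only the nbd "T:" line is converted in this hunk, and the message offers it as an example, so other MAINTAINERS entries that use git://repo.or.cz would still point at the unauthenticated transport. Searching MAINTAINERS for "T: git git://" lists whatever remains. Each repository should get the same info/refs check that was run for ericb.git before its line is switched, since the wget output above only shows that one repository answering over HTTPS.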
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
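
The audit suggested in the reply above, as an added example that is not part of the original message or of the QEMU tree: it lists every "T: git git://" entry in a MAINTAINERS-style file together with its https:// candidate, and repeats the wget Content-Type check for a given URL. The function names and the sample file (including the example.org hosts) are constructed for illustration.

```shell
#!/bin/sh
# Audit a MAINTAINERS-style file for tree entries that still use git://.

# Print "line<TAB>old-url<TAB>https-candidate" for every "T: git git://..."
# entry. Entries already on https:// are skipped.
list_git_proto_trees() {
    awk '$1 == "T:" && $2 == "git" && $3 ~ /^git:\/\// {
        new = $3
        sub(/^git:/, "https:", new)
        printf "%d\t%s\t%s\n", NR, $3, new
    }' "$1"
}

# Return 0 if the URL answers with the smart HTTP advertisement, i.e. the
# Content-Type that the wget check in the message greps for. Needs network
# access, so only run it against candidates you intend to switch to.
serves_smart_http() {
    wget -S -O /dev/null "$1/info/refs?service=git-upload-pack" 2>&1 |
        grep -q 'Content-Type: application/x-git-upload-pack-advertisement'
}

# Constructed sample input; example.org entries are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
Network Block Device (NBD)
F: qemu-nbd.*
T: git git://repo.or.cz/qemu/ericb.git nbd
Example subsystem
T: git https://example.org/qemu/a.git
T: git git://example.org/qemu/b.git queue
EOF
}

# Usage: sh audit.sh MAINTAINERS
if [ "$#" -gt 0 ]; then
    list_git_proto_trees "$1"
fi
```

Feed the third column to serves_smart_http before editing a line, so an entry is only switched once the host is confirmed to serve that repository over HTTPS.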