Hi,
Fraser Tweedale wrote:
> --- a/Documentation/urls.txt
> +++ b/Documentation/urls.txt
> @@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for
> fetching
> and pushing, but these are inefficient and deprecated; do not use
> them).
>
> +The git transport does not do
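Review bot: in the added line beginning "The git transport does not do", the phrase "the git transport" is easy to misread as Git's transports in general, since the context lines just above name ftps and rsync individually. Consider writing it as the git:// transport, or "the native git transport (git:// URLs)", so the notice clearly applies to that one URL scheme.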
The fact that the git transport does not do any authentication is
easily overlooked. For example, DNS poisoning may result in
fetching from somewhere that was not intended.
Add a brief security notice to the "GIT URLS" section of the
documentation stating that the git transport should be used wit
The fact that the git transport does not do any authentication is
easily overlooked. For example, DNS poisoning may result in
fetching from somewhere that was not intended.
Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
wit
On Mon, Jun 24, 2013 at 03:35:19PM -0700, Junio C Hamano wrote:
> > I don't understand this. How is git:// insecure?
>
> If your DNS is poisoned, or your router is compromised to allow your
> traffic diverted, you may be fetching from somewhere you did not
> intend to. As I explained in a separat
Fredrik Gustafsson writes:
> On Tue, Jun 25, 2013 at 07:57:35AM +1000, Fraser Tweedale wrote:
>> The git transport is insecure and should be used with caution on
>> unsecured networks.
>
> I don't understand this. How is git:// insecure?
>
> It's a protocol with no authentication, because it's a
Fraser Tweedale writes:
> Junio, do you prefer the following more generic wording? If so I
> will re-roll the patch (also note s/protocol/transport/ which is
> more appropriate, I think).
>
> The git transport is insecure and should be used with caution on
> unsecured networks.
Generic but I
On Tue, Jun 25, 2013 at 07:57:35AM +1000, Fraser Tweedale wrote:
> The git transport is insecure and should be used with caution on
> unsecured networks.
I don't understand this. How is git:// insecure?
It's a protocol with no authentication, because it's a protocol used for
public sharing.
The
On Mon, Jun 24, 2013 at 09:24:29AM -0700, Junio C Hamano wrote:
> Fraser Tweedale writes:
>
> > The fact that the git transport has no end-to-end security is easily
> > overlooked. Add a brief security notice to the "GIT URLS" section
> > of the documentation stating that the git transport shoul
Fraser Tweedale writes:
> The fact that the git transport has no end-to-end security is easily
> overlooked. Add a brief security notice to the "GIT URLS" section
> of the documentation stating that the git transport should be used
> with caution on unsecured networks.
>
> Signed-off-by: Fraser
The fact that the git transport has no end-to-end security is easily
overlooked. Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
with caution on unsecured networks.
Signed-off-by: Fraser Tweedale
---
Documentation/urls.txt