[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub |
Date: |
Wed, 31 Oct 2018 08:31:09 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 |
On 10/31/18 3:43 AM, Stefan Hajnoczi wrote:
When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks. HTTPS is more secure
since the client verifies the server certificate.
Reported-by: Jann Horn <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
---
MAINTAINERS | 74 ++++++++++++++++++++++++++---------------------------
1 file changed, 37 insertions(+), 37 deletions(-)
We should also do the same for maintainers using git://repo.or.cz:
$ wget -S
'https://repo.or.cz/qemu/ericb.git/info/refs?service=git-upload-pack'
2>&1 | grep Content-Type
Content-Type: application/x-git-upload-pack-advertisement
For example, my entry would benefit from:
diff --git i/MAINTAINERS w/MAINTAINERS
index 3275cc6bbed..b4b6a5b5df1 100644
--- i/MAINTAINERS
+++ w/MAINTAINERS
@@ -2049,7 +2049,7 @@ F: include/block/nbd*
F: qemu-nbd.*
F: blockdev-nbd.c
F: docs/interop/nbd.txt
-T: git git://repo.or.cz/qemu/ericb.git nbd
+T: git https://repo.or.cz/qemu/ericb.git nbd
NFS
M: Jeff Cody <address@hidden>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org