[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS
From: |
Paul Smith |
Subject: |
Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS |
Date: |
Mon, 10 Oct 2016 13:39:04 -0400 |
On Fri, 2016-10-07 at 22:16 -0400, Mike Gerwitz wrote:
> On Mon, Sep 19, 2016 at 12:30:03 +0200, Hanno Böck wrote:
> > *The code repositories*
> >
> > Now all of the above can be aleviated a bit if a user carefully uses
> > https all the time manually or uses a plugin like https everywhere. But
> > even more worrying is that there is no way to access the savannah git
> > repositories in a secure way for anonymous users.
> >
> > If you look at a repository site like this:
> > http://savannah.gnu.org/git/?group=patch
> >
> > There are two ways to clone the repo: Over the git:// protocol, which
> > is plaintext and insecure, and over ssh, which is only available if you
> > have a savannah account and are a member of that project. Therefore for
> > all people that are not part of a project there is no secure way of
> > getting the git code.
Most replies seem to be concentrating on the Savannah web page, but
personally I think this lack of any ability to retrieve source via a
secure channel, even one wanted to, is a much bigger issue.
Maybe we can concentrate on what it would take to solve this problem
immediately, and leave the less clear-cut issues for later?
- Re: [Repo-criteria-discuss] HSTS screw?, (continued)
- Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/13
- Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/13
- Re: [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/10
Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS,
Paul Smith <=