Bug 266 - Allow read-only git clone over https
Summary: Allow read-only git clone over https
Status: RESOLVED FIXED
Alias: None
Product: Libre-SOC Website
Classification: Unclassified
Component: website (show other bugs)
Version: unspecified
Hardware: All All
: --- enhancement
Assignee: Luke Kenneth Casson Leighton
URL:
Depends on:
Blocks:
 
Reported: 2020-03-25 22:12 GMT by Jacob Lifshay
Modified: 2020-05-18 22:07 BST (History)
2 users (show)

See Also:
NLnet milestone: ---
total budget (EUR) for completion of task and all subtasks: 0
budget (EUR) for this task, excluding subtasks' budget: 0
parent task for budget allocation:
child tasks for budget allocation:
The table of payments (in EUR) for this task; TOML format:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jacob Lifshay 2020-03-25 22:12:49 GMT 
The git protocol is a insecure protocol, we should also support cloning over https.
Comment 1 Jacob Lifshay 2020-03-25 22:15:28 GMT 
A potentially useful reference (not known to be correct):
http://swarm.cs.pub.ro/~razvan/blog/http-repository-sharing-asides-gitweb/

Showing the URL required for cloning is a good accessibility improvement.
Comment 2 Veera 2020-03-26 07:42:14 GMT 
Yes. git protocol is insecure over untrusted network as documented in official git-scm.org site itself.

Please use new protocol for http/https protocol and not the old dumb protocol.
Comment 3 Luke Kenneth Casson Leighton 2020-03-26 10:09:26 GMT 
hmm really we should be doing git tag signing and/or git commit sign-off,
with gpg keys.  relying on HTTPS in particular for security just paints
a bullseye on the server.
Comment 4 Luke Kenneth Casson Leighton 2020-05-18 21:42:59 BST 
changing the topic of this bugreport.
Comment 5 Jacob Lifshay 2020-05-18 22:07:07 BST 
(In reply to Luke Kenneth Casson Leighton from comment #4)
> changing the topic of this bugreport.

Luke changed back to avoid confusion. Sincere thanks for taking the extra time!