* git:// warn as connection not secure
@ 2023-12-01 11:57 Jonny Grant
2023-12-01 21:24 ` Eric Wong
0 siblings, 1 reply; 3+ messages in thread
From: Jonny Grant @ 2023-12-01 11:57 UTC (permalink / raw)
To: git
Hello
May I ask if anyone has suggested adding a default warning that git:// is not a secure connection?
ie "warning: git:// is not a secure connection. https and ssh are secure."
$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Cloning into 'linux'...
remote: Enumerating objects: 9863119, done.
remote: Counting objects: 100% (2360/2360), done.
remote: Compressing objects: 100% (1282/1282), done.
^Cceiving objects: 0% (8779/9863119), 3.21 MiB | 6.41 MiB/s
Kind regards
Jonny
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: git:// warn as connection not secure
2023-12-01 11:57 git:// warn as connection not secure Jonny Grant
@ 2023-12-01 21:24 ` Eric Wong
2023-12-05 20:42 ` Jonny Grant
0 siblings, 1 reply; 3+ messages in thread
From: Eric Wong @ 2023-12-01 21:24 UTC (permalink / raw)
To: Jonny Grant; +Cc: git
Jonny Grant <jg@jguk.org> wrote:
> Hello
> May I ask if anyone has suggested adding a default warning that git:// is not a secure connection?
>
> ie "warning: git:// is not a secure connection. https and ssh are secure."
To be accurate, that would need an exclusion list of hosts behind
already-encrypted and trusted networks. So stuff like .onion hostnames
for Tor, and a user-configurable list of hosts in a private LAN/VPN.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: git:// warn as connection not secure
2023-12-01 21:24 ` Eric Wong
@ 2023-12-05 20:42 ` Jonny Grant
0 siblings, 0 replies; 3+ messages in thread
From: Jonny Grant @ 2023-12-05 20:42 UTC (permalink / raw)
To: Eric Wong; +Cc: git
On 01/12/2023 21:24, Eric Wong wrote:
> Jonny Grant <jg@jguk.org> wrote:
>> Hello
>> May I ask if anyone has suggested adding a default warning that git:// is not a secure connection?
>>
>> ie "warning: git:// is not a secure connection. https and ssh are secure."
>
> To be accurate, that would need an exclusion list of hosts behind
> already-encrypted and trusted networks. So stuff like .onion hostnames
> for Tor, and a user-configurable list of hosts in a private LAN/VPN.
That sounds good Eric.
Or even just an info message?
"info: git:// itself is an unencrypted connection. https and ssh are secure."
Kind regards
Jonny
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-12-05 20:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-01 11:57 git:// warn as connection not secure Jonny Grant
2023-12-01 21:24 ` Eric Wong
2023-12-05 20:42 ` Jonny Grant
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).