From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36875) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKirn-0000W7-7r for qemu-devel@nongnu.org; Thu, 08 Nov 2018 06:52:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKirk-0002Gb-3C for qemu-devel@nongnu.org; Thu, 08 Nov 2018 06:52:55 -0500 Received: from mx1.redhat.com ([209.132.183.28]:54586) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gKirj-0002Ev-SD for qemu-devel@nongnu.org; Thu, 08 Nov 2018 06:52:52 -0500 Date: Thu, 8 Nov 2018 12:52:27 +0100 From: Cornelia Huck Message-ID: <20181108125227.6c295ad9.cohuck@redhat.com> In-Reply-To: <20181108111531.30671-2-stefanha@redhat.com> References: <20181108111531.30671-1-stefanha@redhat.com> <20181108111531.30671-2-stefanha@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH v4 1/8] README: use 'https://' instead of 'git://' List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Hajnoczi Cc: qemu-devel@nongnu.org, Daniel Berrange , eblake@redhat.com, Peter Maydell , Jeff Cody , "Michael S. Tsirkin" , Philippe =?UTF-8?B?TWF0aGlldS1EYXVkw6k=?= , Alex =?UTF-8?B?QmVu?= =?UTF-8?B?bsOpZQ==?= , Markus Armbruster , Paolo Bonzini , Fam Zheng On Thu, 8 Nov 2018 11:15:24 +0000 Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. >=20 > Reported-by: Jann Horn > Reviewed-by: Daniel P. Berrang=C3=A9 > Reviewed-by: Philippe Mathieu-Daud=C3=A9 > Tested-by: Philippe Mathieu-Daud=C3=A9 > Reviewed-by: Alex Benn=C3=A9e > Signed-off-by: Stefan Hajnoczi > --- > README | 4 ++-- > pc-bios/README | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) Reviewed-by: Cornelia Huck