From: Stefan Hajnoczi <stefanha@gmail.com>
To: Eric Blake <eblake@redhat.com>
Cc: Jann Horn <jannh@google.com>,
Peter Maydell <peter.maydell@linaro.org>,
jeff@codyprime.org, Stefan Hajnoczi <stefanha@redhat.com>,
Qemu Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] insecure git submodule URLs
Date: Tue, 4 Dec 2018 10:32:00 +0000 [thread overview]
Message-ID: <20181204103200.GB5541@stefanha-x1.localdomain> (raw)
In-Reply-To: <0aadcc23-ae86-bb04-a7e2-be654fe5144a@redhat.com>
On Mon, Oct 08, 2018 at 02:17:39PM -0500, Eric Blake wrote:
> On 7/15/18 7:56 PM, Jann Horn via Qemu-devel wrote:
> > On Sun, Jul 15, 2018 at 11:18 PM Peter Maydell <peter.maydell@linaro.org> wrote:
> > >
> > > On 15 July 2018 at 20:50, Jann Horn via Qemu-devel
> > > <qemu-devel@nongnu.org> wrote:
> > > > I noticed that when I build QEMU from git for the first time, it pulls
> > > > in submodules over the insecure git:// protocol - in other words, as
> > > > far as I can tell, if I'm e.g. on an open wifi network while building
> > > > QEMU for the first time, even if I cloned the main repository over
> > > > https, anyone could smuggle in malicious code as part of e.g. a
> > > > submodule's makefile.
> > >
> > > Yes, this came up the other week.
> > >
> > > > I'm not sure what your preferred fix for this is, so I'm not sending a
> > > > patch yet. As far as I can tell, the two options are:
> > > >
> > > > - change .gitmodules to use https for everything
> > >
> > > We should probably do this...
> > >
>
> > > > As far as I can tell, the QEMU git server only supports the "dumb" git
> > > > protocol when accessed over HTTPS, not the "smart" protocol. I'm not
> > > > sure whether that might be why QEMU is currently still using the
> > > > insecure git protocol instead of git over HTTPS?
> > >
> > > This is why we haven't switched over the submodules yet, yes.
> > > It's on Jeff's todo list for the server, though.
>
> Did we ever get this done? (And updating this thread to pull in Jeff's new
> email). (Reminded of this now that there is yet another submodule being
> proposed for mirroring)
For the record, Jeff Cody set up smart HTTP for https://git.qemu.org/
and QEMU 3.1.0 will use https for submodules.
Stefan
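The check Jann describes above, as an added example that is not QEMU's or this thread's own code: a small Python scanner that parses a .gitmodules file, flags submodules fetched over unauthenticated transports such as git://, and prints the client-side "git config url.<base>.insteadOf" rewrite a builder can apply until a superproject switches its submodule URLs to https. The sample .gitmodules and its submodule names are constructed for the example.

```python
from urllib.parse import urlsplit

# Transports that neither encrypt nor authenticate the server (attacker can swap content).
INSECURE_SCHEMES = {"git", "http", "ftp"}

def parse_gitmodules(text):
    """Return {submodule name: url} from .gitmodules-style text."""
    mods, name = {}, None
    for line in text.splitlines():
        s = line.strip()
        if not s or s[0] in "#;":
            continue
        if s.startswith('[submodule "'):
            name = s.split('"')[1]
        elif name is not None and "=" in s:
            key, _, value = s.partition("=")
            if key.strip() == "url":
                mods[name] = value.strip()
    return mods

def classify_url(url):
    """'insecure', 'relative' (inherits the superproject's remote scheme) or 'ok'."""
    if url.startswith(("./", "../")):
        return "relative"
    if urlsplit(url).scheme.lower() in INSECURE_SCHEMES:
        return "insecure"
    return "ok"  # https://, ssh://, scp-style user@host:path, local paths

def insecure_submodules(text):
    """Names of submodules fetched over an unauthenticated transport."""
    return sorted(n for n, u in parse_gitmodules(text).items()
                  if classify_url(u) == "insecure")

def instead_of_rewrites(text):
    """Client-side mitigation: git config url.<base>.insteadOf rewrites to https."""
    origins = {(urlsplit(u).scheme, urlsplit(u).netloc)
               for u in parse_gitmodules(text).values()
               if classify_url(u) == "insecure"}
    return [f'git config --global url."https://{h}/".insteadOf "{s}://{h}/"'
            for s, h in sorted(origins)]

# Constructed sample .gitmodules (hypothetical names, not QEMU's real submodules).
SAMPLE = """\
[submodule "libfoo"]
\turl = git://git.example.org/libfoo.git
[submodule "roms/bar"]
\turl = https://git.example.org/bar.git
[submodule "baz"]
\turl = ../baz.git
"""
```

Relative URLs are reported separately because git resolves them against the superproject's remote, so they are only as safe as the transport the main repository was cloned over.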