* [PATCH 0/2] MAINTAINERS cleanup
@ 2018-07-10 8:15 Wei Liu
2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu
2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu
0 siblings, 2 replies; 15+ messages in thread
From: Wei Liu @ 2018-07-10 8:15 UTC (permalink / raw)
To: Xen-devel; +Cc: Wei Liu
Based on discussions in Lars' series.
Wei Liu (2):
MAINTAINERS: drop USB PV DRIVERS entry
MAINTAINERS: use https for git trees
MAINTAINERS | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry
2018-07-10 8:15 [PATCH 0/2] MAINTAINERS cleanup Wei Liu
@ 2018-07-10 8:15 ` Wei Liu
2018-07-10 8:35 ` Jan Beulich
2018-07-10 8:36 ` George Dunlap
2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu
1 sibling, 2 replies; 15+ messages in thread
From: Wei Liu @ 2018-07-10 8:15 UTC (permalink / raw)
To: Xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan, Jan Beulich
Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Tim Deegan <tim@xen.org>
Cc: Wei Liu <wei.liu2@citrix.com>
---
MAINTAINERS | 6 ------
1 file changed, 6 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 4581419710..d50ba0a17c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -407,12 +407,6 @@ S: Obsolete
L: xen-devel@lists.xenproject.org
F: unmodified_drivers/linux-2.6/
-USB PV DRIVERS
-M: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
-S: Supported
-T: hg https://xenbits.xenproject.org/hg/linux-2.6.18-xen.hg
-F: drivers/xen/usb*/
-
VM EVENT, MEM ACCESS and MONITOR
M: Razvan Cojocaru <rcojocaru@bitdefender.com>
M: Tamas K Lengyel <tamas@tklengyel.com>
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:15 [PATCH 0/2] MAINTAINERS cleanup Wei Liu
2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu
@ 2018-07-10 8:15 ` Wei Liu
2018-07-10 8:36 ` George Dunlap
2018-07-10 8:36 ` Jan Beulich
1 sibling, 2 replies; 15+ messages in thread
From: Wei Liu @ 2018-07-10 8:15 UTC (permalink / raw)
To: Xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan, Jan Beulich
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Tim Deegan <tim@xen.org>
Cc: Wei Liu <wei.liu2@citrix.com>
---
MAINTAINERS | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index d50ba0a17c..f28d0e1ee0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -296,7 +296,7 @@ MINI-OS
M: Samuel Thibault <samuel.thibault@ens-lyon.org>
S: Supported
L: minios-devel@lists.xenproject.org
-T: git git://xenbits.xenproject.org/mini-os.git
+T: git https://xenbits.xenproject.org/git-http/mini-os.git
F: config/MiniOS.mk
OCAML TOOLS
@@ -309,7 +309,7 @@ OVMF UPSTREAM
M: Anthony PERARD <anthony.perard@citrix.com>
M: Wei Liu <wei.liu2@citrix.com>
S: Supported
-T: git git://xenbits.xenproject.org/ovmf.git
+T: git https://xenbits.xenproject.org/git-http/ovmf.git
POWER MANAGEMENT
M: Jan Beulich <jbeulich@suse.com>
@@ -333,13 +333,13 @@ F: tools/python
QEMU-DM
M: Ian Jackson <ian.jackson@eu.citrix.com>
S: Supported
-T: git git://xenbits.xenproject.org/qemu-xen-traditional.git
+T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git
QEMU UPSTREAM
M: Stefano Stabellini <sstabellini@kernel.org>
M: Anthony Perard <anthony.perard@citrix.com>
S: Supported
-T: git git://xenbits.xenproject.org/qemu-xen.git
+T: git https://xenbits.xenproject.org/git-http/qemu-xen.git
REMUS
M: Shriram Rajagopalan <rshriram@cs.ubc.ca>
@@ -367,7 +367,7 @@ F: xen/common/sched*
SEABIOS UPSTREAM
M: Wei Liu <wei.liu2@citrix.com>
S: Supported
-T: git git://xenbits.xenproject.org/seabios.git
+T: git https://xenbits.xenproject.org/git-http/seabios.git
STUB DOMAINS
M: Samuel Thibault <samuel.thibault@ens-lyon.org>
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry
2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu
@ 2018-07-10 8:35 ` Jan Beulich
2018-07-10 8:36 ` George Dunlap
1 sibling, 0 replies; 15+ messages in thread
From: Jan Beulich @ 2018-07-10 8:35 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson,
Tim Deegan, xen-devel
>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> Suggested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Thanks for remembering this - I had long forgotten.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu
@ 2018-07-10 8:36 ` George Dunlap
2018-07-10 8:36 ` Jan Beulich
1 sibling, 0 replies; 15+ messages in thread
From: George Dunlap @ 2018-07-10 8:36 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, Andrew Cooper, Tim (Xen.org), George Dunlap,
Jan Beulich, Ian Jackson, Xen-devel
> On Jul 10, 2018, at 9:15 AM, Wei Liu <wei.liu2@citrix.com> wrote:
>
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Why?
-George
> ---
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: George Dunlap <George.Dunlap@eu.citrix.com>
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> Cc: Tim Deegan <tim@xen.org>
> Cc: Wei Liu <wei.liu2@citrix.com>
> ---
> MAINTAINERS | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index d50ba0a17c..f28d0e1ee0 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -296,7 +296,7 @@ MINI-OS
> M: Samuel Thibault <samuel.thibault@ens-lyon.org>
> S: Supported
> L: minios-devel@lists.xenproject.org
> -T: git git://xenbits.xenproject.org/mini-os.git
> +T: git https://xenbits.xenproject.org/git-http/mini-os.git
> F: config/MiniOS.mk
>
> OCAML TOOLS
> @@ -309,7 +309,7 @@ OVMF UPSTREAM
> M: Anthony PERARD <anthony.perard@citrix.com>
> M: Wei Liu <wei.liu2@citrix.com>
> S: Supported
> -T: git git://xenbits.xenproject.org/ovmf.git
> +T: git https://xenbits.xenproject.org/git-http/ovmf.git
>
> POWER MANAGEMENT
> M: Jan Beulich <jbeulich@suse.com>
> @@ -333,13 +333,13 @@ F: tools/python
> QEMU-DM
> M: Ian Jackson <ian.jackson@eu.citrix.com>
> S: Supported
> -T: git git://xenbits.xenproject.org/qemu-xen-traditional.git
> +T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git
>
> QEMU UPSTREAM
> M: Stefano Stabellini <sstabellini@kernel.org>
> M: Anthony Perard <anthony.perard@citrix.com>
> S: Supported
> -T: git git://xenbits.xenproject.org/qemu-xen.git
> +T: git https://xenbits.xenproject.org/git-http/qemu-xen.git
>
> REMUS
> M: Shriram Rajagopalan <rshriram@cs.ubc.ca>
> @@ -367,7 +367,7 @@ F: xen/common/sched*
> SEABIOS UPSTREAM
> M: Wei Liu <wei.liu2@citrix.com>
> S: Supported
> -T: git git://xenbits.xenproject.org/seabios.git
> +T: git https://xenbits.xenproject.org/git-http/seabios.git
>
> STUB DOMAINS
> M: Samuel Thibault <samuel.thibault@ens-lyon.org>
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry
2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu
2018-07-10 8:35 ` Jan Beulich
@ 2018-07-10 8:36 ` George Dunlap
1 sibling, 0 replies; 15+ messages in thread
From: George Dunlap @ 2018-07-10 8:36 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, Andrew Cooper, Tim (Xen.org), George Dunlap,
Jan Beulich, Ian Jackson, Xen-devel
> On Jul 10, 2018, at 9:15 AM, Wei Liu <wei.liu2@citrix.com> wrote:
>
> Suggested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
> ---
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: George Dunlap <George.Dunlap@eu.citrix.com>
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> Cc: Tim Deegan <tim@xen.org>
> Cc: Wei Liu <wei.liu2@citrix.com>
> ---
> MAINTAINERS | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 4581419710..d50ba0a17c 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -407,12 +407,6 @@ S: Obsolete
> L: xen-devel@lists.xenproject.org
> F: unmodified_drivers/linux-2.6/
>
> -USB PV DRIVERS
> -M: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
> -S: Supported
> -T: hg https://xenbits.xenproject.org/hg/linux-2.6.18-xen.hg
> -F: drivers/xen/usb*/
> -
> VM EVENT, MEM ACCESS and MONITOR
> M: Razvan Cojocaru <rcojocaru@bitdefender.com>
> M: Tamas K Lengyel <tamas@tklengyel.com>
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu
2018-07-10 8:36 ` George Dunlap
@ 2018-07-10 8:36 ` Jan Beulich
2018-07-10 8:39 ` Wei Liu
1 sibling, 1 reply; 15+ messages in thread
From: Jan Beulich @ 2018-07-10 8:36 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson,
Tim Deegan, xen-devel
>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
What's wrong with git:// ? I think the commit message should be non-
empty here.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:36 ` Jan Beulich
@ 2018-07-10 8:39 ` Wei Liu
2018-07-10 8:47 ` Andrew Cooper
2018-07-10 10:23 ` Ian Jackson
0 siblings, 2 replies; 15+ messages in thread
From: Wei Liu @ 2018-07-10 8:39 UTC (permalink / raw)
To: Jan Beulich
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan, xen-devel
On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> > Signed-off-by: Wei Liu <wei.liu2@citrix.com>
>
> What's wrong with git:// ? I think the commit message should be non-
> empty here.
git: is not encrypted, while https: is. At this time of age, it is
better to use encryption as much as possible.
Wei.
>
> Jan
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:39 ` Wei Liu
@ 2018-07-10 8:47 ` Andrew Cooper
2018-07-10 8:49 ` Wei Liu
2018-07-10 10:23 ` Ian Jackson
1 sibling, 1 reply; 15+ messages in thread
From: Andrew Cooper @ 2018-07-10 8:47 UTC (permalink / raw)
To: Wei Liu, Jan Beulich
Cc: Stefano Stabellini, George Dunlap, Ian Jackson, Tim Deegan,
xen-devel
On 10/07/2018 09:39, Wei Liu wrote:
> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
>>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
>> What's wrong with git:// ? I think the commit message should be non-
>> empty here.
> git: is not encrypted, while https: is. At this time of age, it is
> better to use encryption as much as possible.
And what good does encryption give you here? The entire history is a
cryptographic block chain...
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:47 ` Andrew Cooper
@ 2018-07-10 8:49 ` Wei Liu
0 siblings, 0 replies; 15+ messages in thread
From: Wei Liu @ 2018-07-10 8:49 UTC (permalink / raw)
To: Andrew Cooper
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Tim Deegan,
Ian Jackson, Jan Beulich, xen-devel
On Tue, Jul 10, 2018 at 09:47:01AM +0100, Andrew Cooper wrote:
> On 10/07/2018 09:39, Wei Liu wrote:
> > On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> >>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> >>> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> >> What's wrong with git:// ? I think the commit message should be non-
> >> empty here.
> > git: is not encrypted, while https: is. At this time of age, it is
> > better to use encryption as much as possible.
>
> And what good does encryption give you here? The entire history is a
> cryptographic block chain...
Yes, you can always verify a signed tag or whatever.
But why not provide one more layer of security while we can? Isn't that
what defence in depth is about?
Wei.
>
> ~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 8:39 ` Wei Liu
2018-07-10 8:47 ` Andrew Cooper
@ 2018-07-10 10:23 ` Ian Jackson
2018-07-10 10:28 ` George Dunlap
1 sibling, 1 reply; 15+ messages in thread
From: Ian Jackson @ 2018-07-10 10:23 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Tim Deegan,
Jan Beulich, xen-devel
Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> > On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> > > Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> >
> > What's wrong with git:// ? I think the commit message should be non-
> > empty here.
>
> git: is not encrypted, while https: is. At this time of age, it is
> better to use encryption as much as possible.
I agree with this change, so
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Let me expand on Wei's reasons:
The git protocol is not just unencrypted, but also unauthenticated.
In theory it is possible to verify the signed tags for actual
releases, but that is a cumbersome process which I very much doubt
anyone really does.
As for the various branch tips, there is currently no way (unless you
have a shell account on xenbits) to get any kind of authenticated
value.
Conversely, if you use an https url, you get some cryptographic
authentication of what you are cloning. The crypto there is far from
perfect but it is massively better than nothing.
Additionally, in general, using and supporting https also means that
*what users are accessing* is encrypted. This enhances user privacy.
In the specific case of the git trees on xenbits this is a very minor
consideration.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 10:23 ` Ian Jackson
@ 2018-07-10 10:28 ` George Dunlap
2018-07-10 10:30 ` Wei Liu
0 siblings, 1 reply; 15+ messages in thread
From: George Dunlap @ 2018-07-10 10:28 UTC (permalink / raw)
To: Ian Jackson, Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Tim Deegan,
Jan Beulich, xen-devel
On 07/10/2018 11:23 AM, Ian Jackson wrote:
> Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
>> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
>>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
>>>
>>> What's wrong with git:// ? I think the commit message should be non-
>>> empty here.
>>
>> git: is not encrypted, while https: is. At this time of age, it is
>> better to use encryption as much as possible.
>
> I agree with this change, so
>
> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
>
>
> Let me expand on Wei's reasons:
>
> The git protocol is not just unencrypted, but also unauthenticated.
> In theory it is possible to verify the signed tags for actual
> releases, but that is a cumbersome process which I very much doubt
> anyone really does.
>
> As for the various branch tips, there is currently no way (unless you
> have a shell account on xenbits) to get any kind of authenticated
> value.
>
> Conversely, if you use an https url, you get some cryptographic
> authentication of what you are cloning. The crypto there is far from
> perfect but it is massively better than nothing.
I agree with this logic, but it should have been in the commit message.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 10:28 ` George Dunlap
@ 2018-07-10 10:30 ` Wei Liu
2018-07-10 10:36 ` George Dunlap
0 siblings, 1 reply; 15+ messages in thread
From: Wei Liu @ 2018-07-10 10:30 UTC (permalink / raw)
To: George Dunlap
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Tim Deegan, Jan Beulich, xen-devel, Ian Jackson
On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote:
> On 07/10/2018 11:23 AM, Ian Jackson wrote:
> > Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
> >> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> >>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> >>>
> >>> What's wrong with git:// ? I think the commit message should be non-
> >>> empty here.
> >>
> >> git: is not encrypted, while https: is. At this time of age, it is
> >> better to use encryption as much as possible.
> >
> > I agree with this change, so
> >
> > Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
> >
> >
> > Let me expand on Wei's reasons:
> >
> > The git protocol is not just unencrypted, but also unauthenticated.
> > In theory it is possible to verify the signed tags for actual
> > releases, but that is a cumbersome process which I very much doubt
> > anyone really does.
> >
> > As for the various branch tips, there is currently no way (unless you
> > have a shell account on xenbits) to get any kind of authenticated
> > value.
> >
> > Conversely, if you use an https url, you get some cryptographic
> > authentication of what you are cloning. The crypto there is far from
> > perfect but it is massively better than nothing.
>
> I agree with this logic, but it should have been in the commit message.
Alright. I took it for granted that everyone would think the more
encryption the better.
I will put what Ian wrote into the commit message.
Wei.
>
> -George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 10:30 ` Wei Liu
@ 2018-07-10 10:36 ` George Dunlap
2018-07-10 10:45 ` Wei Liu
0 siblings, 1 reply; 15+ messages in thread
From: George Dunlap @ 2018-07-10 10:36 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Tim Deegan,
Jan Beulich, xen-devel, Ian Jackson
On 07/10/2018 11:30 AM, Wei Liu wrote:
> On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote:
>> On 07/10/2018 11:23 AM, Ian Jackson wrote:
>>> Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
>>>> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
>>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
>>>>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
>>>>>
>>>>> What's wrong with git:// ? I think the commit message should be non-
>>>>> empty here.
>>>>
>>>> git: is not encrypted, while https: is. At this time of age, it is
>>>> better to use encryption as much as possible.
>>>
>>> I agree with this change, so
>>>
>>> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
>>>
>>>
>>> Let me expand on Wei's reasons:
>>>
>>> The git protocol is not just unencrypted, but also unauthenticated.
>>> In theory it is possible to verify the signed tags for actual
>>> releases, but that is a cumbersome process which I very much doubt
>>> anyone really does.
>>>
>>> As for the various branch tips, there is currently no way (unless you
>>> have a shell account on xenbits) to get any kind of authenticated
>>> value.
>>>
>>> Conversely, if you use an https url, you get some cryptographic
>>> authentication of what you are cloning. The crypto there is far from
>>> perfect but it is massively better than nothing.
>>
>> I agree with this logic, but it should have been in the commit message.
>
> Alright. I took it for granted that everyone would think the more
> encryption the better.
>
> I will put what Ian wrote into the commit message.
Well in general, the more things are encrypted, the less conspicuous
encrypted traffic looks. But on the other hand, there may be other
costs with switching from git to https -- more server computation time,
longer download time, &c. If it were just a general "make more
encrypted traffic to make encryption of actual secrets more safe", I
don't think it would be worth degrading performance / increasing server
compute time. But for an extra level of authentication, I think it's
worth it.
And in any case, I think it's almost always worth at least a brief line
for the archaeologists. Imagine 10 years down the road someone wants to
know why it changed -- was it because we shut down the git servers? Was
it because https was measured as being faster? Was it to get around
firewalls? Or was is just to improve authentication? It may matter.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees
2018-07-10 10:36 ` George Dunlap
@ 2018-07-10 10:45 ` Wei Liu
0 siblings, 0 replies; 15+ messages in thread
From: Wei Liu @ 2018-07-10 10:45 UTC (permalink / raw)
To: George Dunlap
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Tim Deegan, Jan Beulich, xen-devel, Ian Jackson
On Tue, Jul 10, 2018 at 11:36:33AM +0100, George Dunlap wrote:
> On 07/10/2018 11:30 AM, Wei Liu wrote:
> > On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote:
> >> On 07/10/2018 11:23 AM, Ian Jackson wrote:
> >>> Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
> >>>> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> >>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote:
> >>>>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> >>>>>
> >>>>> What's wrong with git:// ? I think the commit message should be non-
> >>>>> empty here.
> >>>>
> >>>> git: is not encrypted, while https: is. At this time of age, it is
> >>>> better to use encryption as much as possible.
> >>>
> >>> I agree with this change, so
> >>>
> >>> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
> >>>
> >>>
> >>> Let me expand on Wei's reasons:
> >>>
> >>> The git protocol is not just unencrypted, but also unauthenticated.
> >>> In theory it is possible to verify the signed tags for actual
> >>> releases, but that is a cumbersome process which I very much doubt
> >>> anyone really does.
> >>>
> >>> As for the various branch tips, there is currently no way (unless you
> >>> have a shell account on xenbits) to get any kind of authenticated
> >>> value.
> >>>
> >>> Conversely, if you use an https url, you get some cryptographic
> >>> authentication of what you are cloning. The crypto there is far from
> >>> perfect but it is massively better than nothing.
> >>
> >> I agree with this logic, but it should have been in the commit message.
> >
> > Alright. I took it for granted that everyone would think the more
> > encryption the better.
> >
> > I will put what Ian wrote into the commit message.
>
> Well in general, the more things are encrypted, the less conspicuous
> encrypted traffic looks. But on the other hand, there may be other
> costs with switching from git to https -- more server computation time,
> longer download time, &c. If it were just a general "make more
> encrypted traffic to make encryption of actual secrets more safe", I
> don't think it would be worth degrading performance / increasing server
> compute time. But for an extra level of authentication, I think it's
> worth it.
>
> And in any case, I think it's almost always worth at least a brief line
> for the archaeologists. Imagine 10 years down the road someone wants to
> know why it changed -- was it because we shut down the git servers? Was
> it because https was measured as being faster? Was it to get around
> firewalls? Or was is just to improve authentication? It may matter.
I don't fully agree what you said above but I'm not going to argue
because I've got what I wanted. :-)
Wei.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2018-07-10 10:45 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-10 8:15 [PATCH 0/2] MAINTAINERS cleanup Wei Liu
2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu
2018-07-10 8:35 ` Jan Beulich
2018-07-10 8:36 ` George Dunlap
2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu
2018-07-10 8:36 ` George Dunlap
2018-07-10 8:36 ` Jan Beulich
2018-07-10 8:39 ` Wei Liu
2018-07-10 8:47 ` Andrew Cooper
2018-07-10 8:49 ` Wei Liu
2018-07-10 10:23 ` Ian Jackson
2018-07-10 10:28 ` George Dunlap
2018-07-10 10:30 ` Wei Liu
2018-07-10 10:36 ` George Dunlap
2018-07-10 10:45 ` Wei Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).