* [PATCH 0/2] MAINTAINERS cleanup @ 2018-07-10 8:15 Wei Liu 2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu 2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu 0 siblings, 2 replies; 15+ messages in thread From: Wei Liu @ 2018-07-10 8:15 UTC (permalink / raw) To: Xen-devel; +Cc: Wei Liu Based on discussions in Lars' series. Wei Liu (2): MAINTAINERS: drop USB PV DRIVERS entry MAINTAINERS: use https for git trees MAINTAINERS | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry 2018-07-10 8:15 [PATCH 0/2] MAINTAINERS cleanup Wei Liu @ 2018-07-10 8:15 ` Wei Liu 2018-07-10 8:35 ` Jan Beulich 2018-07-10 8:36 ` George Dunlap 2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu 1 sibling, 2 replies; 15+ messages in thread From: Wei Liu @ 2018-07-10 8:15 UTC (permalink / raw) To: Xen-devel Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, Jan Beulich Suggested-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: George Dunlap <George.Dunlap@eu.citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Tim Deegan <tim@xen.org> Cc: Wei Liu <wei.liu2@citrix.com> --- MAINTAINERS | 6 ------ 1 file changed, 6 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 4581419710..d50ba0a17c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -407,12 +407,6 @@ S: Obsolete L: xen-devel@lists.xenproject.org F: unmodified_drivers/linux-2.6/ -USB PV DRIVERS -M: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com> -S: Supported -T: hg https://xenbits.xenproject.org/hg/linux-2.6.18-xen.hg -F: drivers/xen/usb*/ - VM EVENT, MEM ACCESS and MONITOR M: Razvan Cojocaru <rcojocaru@bitdefender.com> M: Tamas K Lengyel <tamas@tklengyel.com> -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry 2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu @ 2018-07-10 8:35 ` Jan Beulich 2018-07-10 8:36 ` George Dunlap 1 sibling, 0 replies; 15+ messages in thread From: Jan Beulich @ 2018-07-10 8:35 UTC (permalink / raw) To: Wei Liu Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, xen-devel >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > Suggested-by: Jan Beulich <jbeulich@suse.com> > Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Thanks for remembering this - I had long forgotten. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry 2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu 2018-07-10 8:35 ` Jan Beulich @ 2018-07-10 8:36 ` George Dunlap 1 sibling, 0 replies; 15+ messages in thread From: George Dunlap @ 2018-07-10 8:36 UTC (permalink / raw) To: Wei Liu Cc: Stefano Stabellini, Andrew Cooper, Tim (Xen.org), George Dunlap, Jan Beulich, Ian Jackson, Xen-devel > On Jul 10, 2018, at 9:15 AM, Wei Liu <wei.liu2@citrix.com> wrote: > > Suggested-by: Jan Beulich <jbeulich@suse.com> > Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com> > --- > Cc: Andrew Cooper <andrew.cooper3@citrix.com> > Cc: George Dunlap <George.Dunlap@eu.citrix.com> > Cc: Ian Jackson <ian.jackson@eu.citrix.com> > Cc: Jan Beulich <jbeulich@suse.com> > Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > Cc: Stefano Stabellini <sstabellini@kernel.org> > Cc: Tim Deegan <tim@xen.org> > Cc: Wei Liu <wei.liu2@citrix.com> > --- > MAINTAINERS | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 4581419710..d50ba0a17c 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -407,12 +407,6 @@ S: Obsolete > L: xen-devel@lists.xenproject.org > F: unmodified_drivers/linux-2.6/ > > -USB PV DRIVERS > -M: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com> > -S: Supported > -T: hg https://xenbits.xenproject.org/hg/linux-2.6.18-xen.hg > -F: drivers/xen/usb*/ > - > VM EVENT, MEM ACCESS and MONITOR > M: Razvan Cojocaru <rcojocaru@bitdefender.com> > M: Tamas K Lengyel <tamas@tklengyel.com> > -- > 2.11.0 > _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:15 [PATCH 0/2] MAINTAINERS cleanup Wei Liu 2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu @ 2018-07-10 8:15 ` Wei Liu 2018-07-10 8:36 ` George Dunlap 2018-07-10 8:36 ` Jan Beulich 1 sibling, 2 replies; 15+ messages in thread From: Wei Liu @ 2018-07-10 8:15 UTC (permalink / raw) To: Xen-devel Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, Jan Beulich Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: George Dunlap <George.Dunlap@eu.citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Tim Deegan <tim@xen.org> Cc: Wei Liu <wei.liu2@citrix.com> --- MAINTAINERS | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index d50ba0a17c..f28d0e1ee0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -296,7 +296,7 @@ MINI-OS M: Samuel Thibault <samuel.thibault@ens-lyon.org> S: Supported L: minios-devel@lists.xenproject.org -T: git git://xenbits.xenproject.org/mini-os.git +T: git https://xenbits.xenproject.org/git-http/mini-os.git F: config/MiniOS.mk OCAML TOOLS @@ -309,7 +309,7 @@ OVMF UPSTREAM M: Anthony PERARD <anthony.perard@citrix.com> M: Wei Liu <wei.liu2@citrix.com> S: Supported -T: git git://xenbits.xenproject.org/ovmf.git +T: git https://xenbits.xenproject.org/git-http/ovmf.git POWER MANAGEMENT M: Jan Beulich <jbeulich@suse.com> @@ -333,13 +333,13 @@ F: tools/python QEMU-DM M: Ian Jackson <ian.jackson@eu.citrix.com> S: Supported -T: git git://xenbits.xenproject.org/qemu-xen-traditional.git +T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git QEMU UPSTREAM M: Stefano Stabellini <sstabellini@kernel.org> M: Anthony Perard <anthony.perard@citrix.com> S: Supported -T: git git://xenbits.xenproject.org/qemu-xen.git +T: git https://xenbits.xenproject.org/git-http/qemu-xen.git REMUS M: Shriram Rajagopalan <rshriram@cs.ubc.ca> @@ -367,7 +367,7 @@ F: xen/common/sched* SEABIOS UPSTREAM M: Wei Liu <wei.liu2@citrix.com> S: Supported -T: git git://xenbits.xenproject.org/seabios.git +T: git https://xenbits.xenproject.org/git-http/seabios.git STUB DOMAINS M: Samuel Thibault <samuel.thibault@ens-lyon.org> -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu @ 2018-07-10 8:36 ` George Dunlap 2018-07-10 8:36 ` Jan Beulich 1 sibling, 0 replies; 15+ messages in thread From: George Dunlap @ 2018-07-10 8:36 UTC (permalink / raw) To: Wei Liu Cc: Stefano Stabellini, Andrew Cooper, Tim (Xen.org), George Dunlap, Jan Beulich, Ian Jackson, Xen-devel > On Jul 10, 2018, at 9:15 AM, Wei Liu <wei.liu2@citrix.com> wrote: > > Signed-off-by: Wei Liu <wei.liu2@citrix.com> Why? -George > --- > Cc: Andrew Cooper <andrew.cooper3@citrix.com> > Cc: George Dunlap <George.Dunlap@eu.citrix.com> > Cc: Ian Jackson <ian.jackson@eu.citrix.com> > Cc: Jan Beulich <jbeulich@suse.com> > Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > Cc: Stefano Stabellini <sstabellini@kernel.org> > Cc: Tim Deegan <tim@xen.org> > Cc: Wei Liu <wei.liu2@citrix.com> > --- > MAINTAINERS | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/MAINTAINERS b/MAINTAINERS > index d50ba0a17c..f28d0e1ee0 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -296,7 +296,7 @@ MINI-OS > M: Samuel Thibault <samuel.thibault@ens-lyon.org> > S: Supported > L: minios-devel@lists.xenproject.org > -T: git git://xenbits.xenproject.org/mini-os.git > +T: git https://xenbits.xenproject.org/git-http/mini-os.git > F: config/MiniOS.mk > > OCAML TOOLS > @@ -309,7 +309,7 @@ OVMF UPSTREAM > M: Anthony PERARD <anthony.perard@citrix.com> > M: Wei Liu <wei.liu2@citrix.com> > S: Supported > -T: git git://xenbits.xenproject.org/ovmf.git > +T: git https://xenbits.xenproject.org/git-http/ovmf.git > > POWER MANAGEMENT > M: Jan Beulich <jbeulich@suse.com> > @@ -333,13 +333,13 @@ F: tools/python > QEMU-DM > M: Ian Jackson <ian.jackson@eu.citrix.com> > S: Supported > -T: git git://xenbits.xenproject.org/qemu-xen-traditional.git > +T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git > > QEMU UPSTREAM > M: Stefano Stabellini <sstabellini@kernel.org> > M: Anthony Perard <anthony.perard@citrix.com> > S: Supported > -T: git git://xenbits.xenproject.org/qemu-xen.git > +T: git https://xenbits.xenproject.org/git-http/qemu-xen.git > > REMUS > M: Shriram Rajagopalan <rshriram@cs.ubc.ca> > @@ -367,7 +367,7 @@ F: xen/common/sched* > SEABIOS UPSTREAM > M: Wei Liu <wei.liu2@citrix.com> > S: Supported > -T: git git://xenbits.xenproject.org/seabios.git > +T: git https://xenbits.xenproject.org/git-http/seabios.git > > STUB DOMAINS > M: Samuel Thibault <samuel.thibault@ens-lyon.org> > -- > 2.11.0 > _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu 2018-07-10 8:36 ` George Dunlap @ 2018-07-10 8:36 ` Jan Beulich 2018-07-10 8:39 ` Wei Liu 1 sibling, 1 reply; 15+ messages in thread From: Jan Beulich @ 2018-07-10 8:36 UTC (permalink / raw) To: Wei Liu Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, xen-devel >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > Signed-off-by: Wei Liu <wei.liu2@citrix.com> What's wrong with git:// ? I think the commit message should be non- empty here. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:36 ` Jan Beulich @ 2018-07-10 8:39 ` Wei Liu 2018-07-10 8:47 ` Andrew Cooper 2018-07-10 10:23 ` Ian Jackson 0 siblings, 2 replies; 15+ messages in thread From: Wei Liu @ 2018-07-10 8:39 UTC (permalink / raw) To: Jan Beulich Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, xen-devel On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: > >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > > Signed-off-by: Wei Liu <wei.liu2@citrix.com> > > What's wrong with git:// ? I think the commit message should be non- > empty here. git: is not encrypted, while https: is. At this time of age, it is better to use encryption as much as possible. Wei. > > Jan > > _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:39 ` Wei Liu @ 2018-07-10 8:47 ` Andrew Cooper 2018-07-10 8:49 ` Wei Liu 2018-07-10 10:23 ` Ian Jackson 1 sibling, 1 reply; 15+ messages in thread From: Andrew Cooper @ 2018-07-10 8:47 UTC (permalink / raw) To: Wei Liu, Jan Beulich Cc: Stefano Stabellini, George Dunlap, Ian Jackson, Tim Deegan, xen-devel On 10/07/2018 09:39, Wei Liu wrote: > On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: >>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: >>> Signed-off-by: Wei Liu <wei.liu2@citrix.com> >> What's wrong with git:// ? I think the commit message should be non- >> empty here. > git: is not encrypted, while https: is. At this time of age, it is > better to use encryption as much as possible. And what good does encryption give you here? The entire history is a cryptographic block chain... ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:47 ` Andrew Cooper @ 2018-07-10 8:49 ` Wei Liu 0 siblings, 0 replies; 15+ messages in thread From: Wei Liu @ 2018-07-10 8:49 UTC (permalink / raw) To: Andrew Cooper Cc: Stefano Stabellini, Wei Liu, George Dunlap, Tim Deegan, Ian Jackson, Jan Beulich, xen-devel On Tue, Jul 10, 2018 at 09:47:01AM +0100, Andrew Cooper wrote: > On 10/07/2018 09:39, Wei Liu wrote: > > On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: > >>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > >>> Signed-off-by: Wei Liu <wei.liu2@citrix.com> > >> What's wrong with git:// ? I think the commit message should be non- > >> empty here. > > git: is not encrypted, while https: is. At this time of age, it is > > better to use encryption as much as possible. > > And what good does encryption give you here? The entire history is a > cryptographic block chain... Yes, you can always verify a signed tag or whatever. But why not provide one more layer of security while we can? Isn't that what defence in depth is about? Wei. > > ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 8:39 ` Wei Liu 2018-07-10 8:47 ` Andrew Cooper @ 2018-07-10 10:23 ` Ian Jackson 2018-07-10 10:28 ` George Dunlap 1 sibling, 1 reply; 15+ messages in thread From: Ian Jackson @ 2018-07-10 10:23 UTC (permalink / raw) To: Wei Liu Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Tim Deegan, Jan Beulich, xen-devel Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"): > On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: > > On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > > > Signed-off-by: Wei Liu <wei.liu2@citrix.com> > > > > What's wrong with git:// ? I think the commit message should be non- > > empty here. > > git: is not encrypted, while https: is. At this time of age, it is > better to use encryption as much as possible. I agree with this change, so Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Let me expand on Wei's reasons: The git protocol is not just unencrypted, but also unauthenticated. In theory it is possible to verify the signed tags for actual releases, but that is a cumbersome process which I very much doubt anyone really does. As for the various branch tips, there is currently no way (unless you have a shell account on xenbits) to get any kind of authenticated value. Conversely, if you use an https url, you get some cryptographic authentication of what you are cloning. The crypto there is far from perfect but it is massively better than nothing. Additionally, in general, using and supporting https also means that *what users are accessing* is encrypted. This enhances user privacy. In the specific case of the git trees on xenbits this is a very minor consideration. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 10:23 ` Ian Jackson @ 2018-07-10 10:28 ` George Dunlap 2018-07-10 10:30 ` Wei Liu 0 siblings, 1 reply; 15+ messages in thread From: George Dunlap @ 2018-07-10 10:28 UTC (permalink / raw) To: Ian Jackson, Wei Liu Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Tim Deegan, Jan Beulich, xen-devel On 07/10/2018 11:23 AM, Ian Jackson wrote: > Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"): >> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: >>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com> >>> >>> What's wrong with git:// ? I think the commit message should be non- >>> empty here. >> >> git: is not encrypted, while https: is. At this time of age, it is >> better to use encryption as much as possible. > > I agree with this change, so > > Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> > > > Let me expand on Wei's reasons: > > The git protocol is not just unencrypted, but also unauthenticated. > In theory it is possible to verify the signed tags for actual > releases, but that is a cumbersome process which I very much doubt > anyone really does. > > As for the various branch tips, there is currently no way (unless you > have a shell account on xenbits) to get any kind of authenticated > value. > > Conversely, if you use an https url, you get some cryptographic > authentication of what you are cloning. The crypto there is far from > perfect but it is massively better than nothing. I agree with this logic, but it should have been in the commit message. -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 10:28 ` George Dunlap @ 2018-07-10 10:30 ` Wei Liu 2018-07-10 10:36 ` George Dunlap 0 siblings, 1 reply; 15+ messages in thread From: Wei Liu @ 2018-07-10 10:30 UTC (permalink / raw) To: George Dunlap Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Tim Deegan, Jan Beulich, xen-devel, Ian Jackson On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote: > On 07/10/2018 11:23 AM, Ian Jackson wrote: > > Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"): > >> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: > >>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > >>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com> > >>> > >>> What's wrong with git:// ? I think the commit message should be non- > >>> empty here. > >> > >> git: is not encrypted, while https: is. At this time of age, it is > >> better to use encryption as much as possible. > > > > I agree with this change, so > > > > Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> > > > > > > Let me expand on Wei's reasons: > > > > The git protocol is not just unencrypted, but also unauthenticated. > > In theory it is possible to verify the signed tags for actual > > releases, but that is a cumbersome process which I very much doubt > > anyone really does. > > > > As for the various branch tips, there is currently no way (unless you > > have a shell account on xenbits) to get any kind of authenticated > > value. > > > > Conversely, if you use an https url, you get some cryptographic > > authentication of what you are cloning. The crypto there is far from > > perfect but it is massively better than nothing. > > I agree with this logic, but it should have been in the commit message. Alright. I took it for granted that everyone would think the more encryption the better. I will put what Ian wrote into the commit message. Wei. > > -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 10:30 ` Wei Liu @ 2018-07-10 10:36 ` George Dunlap 2018-07-10 10:45 ` Wei Liu 0 siblings, 1 reply; 15+ messages in thread From: George Dunlap @ 2018-07-10 10:36 UTC (permalink / raw) To: Wei Liu Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Tim Deegan, Jan Beulich, xen-devel, Ian Jackson On 07/10/2018 11:30 AM, Wei Liu wrote: > On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote: >> On 07/10/2018 11:23 AM, Ian Jackson wrote: >>> Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"): >>>> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: >>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: >>>>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com> >>>>> >>>>> What's wrong with git:// ? I think the commit message should be non- >>>>> empty here. >>>> >>>> git: is not encrypted, while https: is. At this time of age, it is >>>> better to use encryption as much as possible. >>> >>> I agree with this change, so >>> >>> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> >>> >>> >>> Let me expand on Wei's reasons: >>> >>> The git protocol is not just unencrypted, but also unauthenticated. >>> In theory it is possible to verify the signed tags for actual >>> releases, but that is a cumbersome process which I very much doubt >>> anyone really does. >>> >>> As for the various branch tips, there is currently no way (unless you >>> have a shell account on xenbits) to get any kind of authenticated >>> value. >>> >>> Conversely, if you use an https url, you get some cryptographic >>> authentication of what you are cloning. The crypto there is far from >>> perfect but it is massively better than nothing. >> >> I agree with this logic, but it should have been in the commit message. > > Alright. I took it for granted that everyone would think the more > encryption the better. > > I will put what Ian wrote into the commit message. Well in general, the more things are encrypted, the less conspicuous encrypted traffic looks. But on the other hand, there may be other costs with switching from git to https -- more server computation time, longer download time, &c. If it were just a general "make more encrypted traffic to make encryption of actual secrets more safe", I don't think it would be worth degrading performance / increasing server compute time. But for an extra level of authentication, I think it's worth it. And in any case, I think it's almost always worth at least a brief line for the archaeologists. Imagine 10 years down the road someone wants to know why it changed -- was it because we shut down the git servers? Was it because https was measured as being faster? Was it to get around firewalls? Or was is just to improve authentication? It may matter. -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/2] MAINTAINERS: use https for git trees 2018-07-10 10:36 ` George Dunlap @ 2018-07-10 10:45 ` Wei Liu 0 siblings, 0 replies; 15+ messages in thread From: Wei Liu @ 2018-07-10 10:45 UTC (permalink / raw) To: George Dunlap Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Tim Deegan, Jan Beulich, xen-devel, Ian Jackson On Tue, Jul 10, 2018 at 11:36:33AM +0100, George Dunlap wrote: > On 07/10/2018 11:30 AM, Wei Liu wrote: > > On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote: > >> On 07/10/2018 11:23 AM, Ian Jackson wrote: > >>> Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"): > >>>> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote: > >>>>> On 10.07.18 at 10:15, <wei.liu2@citrix.com> wrote: > >>>>>> Signed-off-by: Wei Liu <wei.liu2@citrix.com> > >>>>> > >>>>> What's wrong with git:// ? I think the commit message should be non- > >>>>> empty here. > >>>> > >>>> git: is not encrypted, while https: is. At this time of age, it is > >>>> better to use encryption as much as possible. > >>> > >>> I agree with this change, so > >>> > >>> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> > >>> > >>> > >>> Let me expand on Wei's reasons: > >>> > >>> The git protocol is not just unencrypted, but also unauthenticated. > >>> In theory it is possible to verify the signed tags for actual > >>> releases, but that is a cumbersome process which I very much doubt > >>> anyone really does. > >>> > >>> As for the various branch tips, there is currently no way (unless you > >>> have a shell account on xenbits) to get any kind of authenticated > >>> value. > >>> > >>> Conversely, if you use an https url, you get some cryptographic > >>> authentication of what you are cloning. The crypto there is far from > >>> perfect but it is massively better than nothing. > >> > >> I agree with this logic, but it should have been in the commit message. > > > > Alright. I took it for granted that everyone would think the more > > encryption the better. > > > > I will put what Ian wrote into the commit message. > > Well in general, the more things are encrypted, the less conspicuous > encrypted traffic looks. But on the other hand, there may be other > costs with switching from git to https -- more server computation time, > longer download time, &c. If it were just a general "make more > encrypted traffic to make encryption of actual secrets more safe", I > don't think it would be worth degrading performance / increasing server > compute time. But for an extra level of authentication, I think it's > worth it. > > And in any case, I think it's almost always worth at least a brief line > for the archaeologists. Imagine 10 years down the road someone wants to > know why it changed -- was it because we shut down the git servers? Was > it because https was measured as being faster? Was it to get around > firewalls? Or was is just to improve authentication? It may matter. I don't fully agree what you said above but I'm not going to argue because I've got what I wanted. :-) Wei. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2018-07-10 10:45 UTC | newest] Thread overview: 15+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-07-10 8:15 [PATCH 0/2] MAINTAINERS cleanup Wei Liu 2018-07-10 8:15 ` [PATCH 1/2] MAINTAINERS: drop USB PV DRIVERS entry Wei Liu 2018-07-10 8:35 ` Jan Beulich 2018-07-10 8:36 ` George Dunlap 2018-07-10 8:15 ` [PATCH 2/2] MAINTAINERS: use https for git trees Wei Liu 2018-07-10 8:36 ` George Dunlap 2018-07-10 8:36 ` Jan Beulich 2018-07-10 8:39 ` Wei Liu 2018-07-10 8:47 ` Andrew Cooper 2018-07-10 8:49 ` Wei Liu 2018-07-10 10:23 ` Ian Jackson 2018-07-10 10:28 ` George Dunlap 2018-07-10 10:30 ` Wei Liu 2018-07-10 10:36 ` George Dunlap 2018-07-10 10:45 ` Wei Liu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).