This is the mail archive of the cygwin-developers mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Nov 2 10:32, cyg Simple wrote: > On 11/2/2018 9:20 AM, Eric Blake wrote: > > https://cygwin.com/git.html recommends the use of git:// for accessing > > the cygwin git repo. However, git:// suffers from man-in-the-middle > > attacks, in comparison to https://. ; On the other hand, performance of > > https:// is much worse than git:// UNLESS the git server is running a > > new enough version of git, such that it advertises > > application/x-git-upload-pack-advertisement support. > > > > Alas, the current sourceware server is running an old version of git: > > > > $ wget -S > > 'http://sourceware.org/git/newlib-cygwin.git/info/refs?service=git-upload-pack' > > 2>&1 | grep Content-Type > > Content-Type: text/plain; charset=UTF-8 > > > > Contrast that with other git repos: > > > > $ wget -S > > 'https://repo.or.cz/qemu.git/info/refs?service=git-upload-pack' 2>&1 | > > grep Content-Type > > Content-Type: application/x-git-upload-pack-advertisement > > > > Is there a chance we can get sourceware to upgrade to a newer git > > server, and then update our recommendations to point people to https:// > > clones instead of insecure git://, and without the current speed penalty > > that current https:// access through our non-upgraded server provides? > > You'll need to ask overseerers@sourceware.org. They may have it on > there radar already but it doesn't hurt to ask. ACK -- Corinna Vinschen Cygwin Maintainer
Attachment:
signature.asc
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |