https access to git repo?

Eric Blake
Fri Nov 2 13:20:00 GMT 2018 recommends the use of git:// for accessing 
the cygwin git repo.  However, git:// suffers from man-in-the-middle 
attacks, in comparison to https://.  On the other hand, performance of 
https:// is much worse than git:// UNLESS the git server is running a 
new enough version of git, such that it advertises 
application/x-git-upload-pack-advertisement support.

Alas, the current sourceware server is running an old version of git:

$ wget -S 
2>&1 | grep Content-Type
   Content-Type: text/plain; charset=UTF-8

Contrast that with other git repos:

$ wget -S 
'' 2>&1 | 
grep Content-Type
   Content-Type: application/x-git-upload-pack-advertisement

Is there a chance we can get sourceware to upgrade to a newer git 
server, and then update our recommendations to point people to https:// 
clones instead of insecure git://, and without the current speed penalty 
that current https:// access through our non-upgraded server provides?

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization: |

More information about the Cygwin-developers mailing list