https access to git repo?

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Nov 5 08:52:00 GMT 2018


On Nov  2 10:32, cyg Simple wrote:
> On 11/2/2018 9:20 AM, Eric Blake wrote:
> > https://cygwin.com/git.html recommends the use of git:// for accessing
> > the cygwin git repo.  However, git:// suffers from man-in-the-middle
> > attacks, in comparison to https://.  On the other hand, performance of
> > https:// is much worse than git:// UNLESS the git server is running a
> > new enough version of git, such that it advertises
> > application/x-git-upload-pack-advertisement support.
> > 
> > Alas, the current sourceware server is running an old version of git:
> > 
> > $ wget -S 'http://sourceware.org/git/newlib-cygwin.git/info/refs?service=git-upload-pack' 2>&1 | grep Content-Type
> >   Content-Type: text/plain; charset=UTF-8
> > 
> > Contrast that with other git repos:
> > 
> > $ wget -S 'https://repo.or.cz/qemu.git/info/refs?service=git-upload-pack' 2>&1 | grep Content-Type
> >   Content-Type: application/x-git-upload-pack-advertisement
> > 
> > Is there a chance we can get sourceware to upgrade to a newer git
> > server, and then update our recommendations to point people to https://
> > clones instead of insecure git://, and without the current speed penalty
> > that current https:// access through our non-upgraded server provides?
> 
> You'll need to ask overseerers@sourceware.org.  They may have it on
> their radar already but it doesn't hurt to ask.

ACK

-- 
Corinna Vinschen
Cygwin Maintainer
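
The check that the wget commands quoted above perform, written out as an added example that is not part of the original thread: it classifies an `info/refs?service=git-upload-pack` response by its Content-Type and, as git's HTTP protocol documentation requires of smart clients, by its first pkt-line. The function names and both sample bodies are constructed for illustration.

```python
import re

SERVICE = "git-upload-pack"
SMART_TYPE = f"application/x-{SERVICE}-advertisement"


def pkt(data: bytes) -> bytes:
    """Frame data as a pkt-line: 4 hex digits of total length, then the data."""
    return f"{len(data) + 4:04x}".encode() + data


def first_pkt_line(body: bytes) -> bytes:
    """Return the payload of the first pkt-line of a smart advertisement."""
    # A smart response must begin with four hex digits followed by '#'.
    if not re.match(rb"^[0-9a-f]{4}#", body):
        raise ValueError("body does not start with a '#' pkt-line")
    length = int(body[:4], 16)  # the length field counts its own 4 bytes
    if length < 5 or length > len(body):
        raise ValueError("pkt-line length out of range")
    return body[4:length]


def classify(content_type: str, body: bytes) -> str:
    """Return 'smart', 'dumb' or 'invalid' for an info/refs response."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != SMART_TYPE:
        return "dumb"  # e.g. text/plain: the client falls back to dumb HTTP
    try:
        payload = first_pkt_line(body)
    except ValueError:
        return "invalid"
    expected = f"# service={SERVICE}".encode()
    return "smart" if payload.rstrip(b"\n") == expected else "invalid"


# Constructed sample bodies (not captured from any real server).
SMART_BODY = pkt(b"# service=git-upload-pack\n") + b"0000"
DUMB_BODY = b"0" * 40 + b"\trefs/heads/master\n"

if __name__ == "__main__":
    print(classify("application/x-git-upload-pack-advertisement", SMART_BODY))
    print(classify("text/plain; charset=UTF-8", DUMB_BODY))
    print(classify("application/x-git-upload-pack-advertisement", DUMB_BODY))
```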