[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees

To: George Dunlap <george.dunlap@xxxxxxxxxx>
From: Wei Liu <wei.liu2@xxxxxxxxxx>
Date: Tue, 10 Jul 2018 11:30:15 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>
Delivery-date: Tue, 10 Jul 2018 10:30:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote:
> On 07/10/2018 11:23 AM, Ian Jackson wrote:
> > Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
> >> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> >>> On 10.07.18 at 10:15, <wei.liu2@xxxxxxxxxx> wrote:
> >>>> Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> >>>
> >>> What's wrong with git:// ? I think the commit message should be non-
> >>> empty here.
> >>
> >> git: is not encrypted, while https: is. At this time of age, it is
> >> better to use encryption as much as possible.
> > 
> > I agree with this change, so
> > 
> > Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> > 
> > 
> > Let me expand on Wei's reasons:
> > 
> > The git protocol is not just unencrypted, but also unauthenticated.
> > In theory it is possible to verify the signed tags for actual
> > releases, but that is a cumbersome process which I very much doubt
> > anyone really does.
> > 
> > As for the various branch tips, there is currently no way (unless you
> > have a shell account on xenbits) to get any kind of authenticated
> > value.
> > 
> > Conversely, if you use an https url, you get some cryptographic
> > authentication of what you are cloning.  The crypto there is far from
> > perfect but it is massively better than nothing.
> 
> I agree with this logic, but it should have been in the commit message.

Alright. I took it for granted that everyone would think the more
encryption the better.

I will put what Ian wrote into the commit message.

Wei.

> 
>  -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
  - From: George Dunlap

References:
- [Xen-devel] [PATCH 0/2] MAINTAINERS cleanup
  - From: Wei Liu
- [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
  - From: Wei Liu
- Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
  - From: Wei Liu
- Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
Next by Date: Re: [Xen-devel] [PATCH] hvm/altp2m: Clarify the proper way to extend the altp2m interface
Previous by thread: Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
Next by thread: Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.