Re: [Xen-devel] [PATCH 2/2] MAINTAINERS: use https for git trees
On Tue, Jul 10, 2018 at 11:36:33AM +0100, George Dunlap wrote:
> On 07/10/2018 11:30 AM, Wei Liu wrote:
> > On Tue, Jul 10, 2018 at 11:28:34AM +0100, George Dunlap wrote:
> >> On 07/10/2018 11:23 AM, Ian Jackson wrote:
> >>> Wei Liu writes ("Re: [PATCH 2/2] MAINTAINERS: use https for git trees"):
> >>>> On Tue, Jul 10, 2018 at 02:36:49AM -0600, Jan Beulich wrote:
> >>>>> On 10.07.18 at 10:15, <wei.liu2@xxxxxxxxxx> wrote:
> >>>>>> Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> >>>>>
> >>>>> What's wrong with git:// ? I think the commit message should be
> >>>>> non-empty here.
> >>>>
> >>>> git: is not encrypted, while https: is. At this time of age, it is
> >>>> better to use encryption as much as possible.
> >>>
> >>> I agree with this change, so
> >>>
> >>> Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> >>>
> >>>
> >>> Let me expand on Wei's reasons:
> >>>
> >>> The git protocol is not just unencrypted, but also unauthenticated.
> >>> In theory it is possible to verify the signed tags for actual
> >>> releases, but that is a cumbersome process which I very much doubt
> >>> anyone really does.
> >>>
> >>> As for the various branch tips, there is currently no way (unless you
> >>> have a shell account on xenbits) to get any kind of authenticated
> >>> value.
> >>>
> >>> Conversely, if you use an https url, you get some cryptographic
> >>> authentication of what you are cloning. The crypto there is far from
> >>> perfect but it is massively better than nothing.
> >>
> >> I agree with this logic, but it should have been in the commit message.
> >
> > Alright. I took it for granted that everyone would think the more
> > encryption the better.
> >
> > I will put what Ian wrote into the commit message.
>
> Well in general, the more things are encrypted, the less conspicuous
> encrypted traffic looks. But on the other hand, there may be other
> costs with switching from git to https -- more server computation time,
> longer download time, &c. If it were just a general "make more
> encrypted traffic to make encryption of actual secrets more safe", I
> don't think it would be worth degrading performance / increasing server
> compute time. But for an extra level of authentication, I think it's
> worth it.
>
> And in any case, I think it's almost always worth at least a brief line
> for the archaeologists. Imagine 10 years down the road someone wants to
> know why it changed -- was it because we shut down the git servers? Was
> it because https was measured as being faster? Was it to get around
> firewalls? Or was it just to improve authentication? It may matter.

I don't fully agree with what you said above but I'm not going to argue
because I've got what I wanted. :-)

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel