Subject: Re: https access to git repo?
To: overseers@sourceware.org
From: Eric Blake
Message-ID: <32804d18-e9d4-5cd4-fca5-d3d9274ec3b1@redhat.com>
Date: Fri, 02 Nov 2018 14:37:00 -0000

Forwarding a message from cygwin-developers:

On 11/2/18 9:32 AM, cyg Simple wrote:
> On 11/2/2018 9:20 AM, Eric Blake wrote:
>> https://cygwin.com/git.html recommends the use of git:// for accessing
>> the cygwin git repo.  However, git:// suffers from man-in-the-middle
>> attacks, in comparison to https://.  On the other hand, performance of
>> https:// is much worse than git:// UNLESS the git server is running a
>> new enough version of git, such that it advertises
>> application/x-git-upload-pack-advertisement support.
>>
>> Alas, the current sourceware server is running an old version of git:
>>
>> $ wget -S
>> 'http://sourceware.org/git/newlib-cygwin.git/info/refs?service=git-upload-pack'
>> 2>&1 | grep Content-Type
>>   Content-Type: text/plain; charset=UTF-8
>>
>> Contrast that with other git repos:
>>
>> $ wget -S
>> 'https://repo.or.cz/qemu.git/info/refs?service=git-upload-pack' 2>&1 |
>> grep Content-Type
>>   Content-Type: application/x-git-upload-pack-advertisement
>>
>> Is there a chance we can get sourceware to upgrade to a newer git
>> server, and then update our recommendations to point people to https://
>> clones instead of insecure git://, and without the current speed penalty
>> that current https:// access through our non-upgraded server provides?
>
> You'll need to ask overseerers@sourceware.org. They may have it on
> their radar already but it doesn't hurt to ask.
>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
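
The Content-Type comparison in the quoted message, as an added example that is not part of the original thread: a Python classifier for a captured `info/refs?service=git-upload-pack` response. It goes one step beyond the header check by also validating the first pkt-line, as Git's HTTP protocol documentation requires of clients; the function names, the `tls` field and the sample bodies are constructed for illustration.

```python
import re

def first_pkt_line(buf):
    """Return the payload of the first pkt-line: 4 hex digits giving the
    total length (prefix included), followed by the payload."""
    length = int(buf[:4], 16)
    if length < 4 or length > len(buf):
        raise ValueError("bad pkt-line length")
    return buf[4:length]

def classify_info_refs(url, content_type, body, service="git-upload-pack"):
    """Classify a captured GET <repo>/info/refs?service=<service> response."""
    # Only https:// authenticates the server and protects the ref list in transit.
    tls = url.lower().startswith("https://")
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != f"application/x-{service}-advertisement":
        transport = "dumb"      # old server: info/refs served as a static file
    elif not re.match(rb"[0-9a-f]{4}#", body):
        transport = "invalid"   # right header, but body is not an advertisement
    else:
        try:
            banner = first_pkt_line(body).rstrip(b"\n")
            ok = banner == f"# service={service}".encode()
            transport = "smart" if ok else "invalid"
        except ValueError:
            transport = "invalid"
    return {"transport": transport, "tls": tls}

# Constructed sample bodies (not captured from the servers named in the message).
DUMB_BODY = b"1111111111111111111111111111111111111111\trefs/heads/master\n"
SMART_BODY = b"001e# service=git-upload-pack\n0000"

if __name__ == "__main__":
    print(classify_info_refs(
        "http://sourceware.org/git/newlib-cygwin.git/info/refs?service=git-upload-pack",
        "text/plain; charset=UTF-8", DUMB_BODY))
    print(classify_info_refs(
        "https://repo.or.cz/qemu.git/info/refs?service=git-upload-pack",
        "application/x-git-upload-pack-advertisement", SMART_BODY))
```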