From mboxrd@z Thu Jan  1 00:00:00 1970
From: webmaster at eclipse.org (Eclipse Webmaster (Denis Roy))
Date: Mon, 22 Feb 2016 14:57:07 -0500
Subject: Killing plaintext git:// in favor of https:// cloning
In-Reply-To: <20160222195042.99D6C82323@gnosis.slac.com>
References: <20160222195042.99D6C82323@gnosis.slac.com>
Message-ID: <56CB6813.1070108@eclipse.org>

On 22/02/16 02:50 PM, Joe Anakata wrote:
>> Yes, why?
>> What's the point?
>>
>> The repos are public, so cloning them over https bring nothing, except
>> extra overhead and server load.
> While pretty unlikely, in theory someone could MITM a git:// clone and
> send the user a hax0red branch of cgit with integrated botnet which
> the user then compiles and installs on their server.
>

Everything is possible "in theory" ... But folks really need to stop 
thinking that https is the impenetrable solution to everything.