From mboxrd@z Thu Jan 1 00:00:00 1970
From: mailings at hupie.com (Ferry Huberts)
Date: Mon, 22 Feb 2016 20:59:32 +0100
Subject: Killing plaintext git:// in favor of https:// cloning
In-Reply-To: <20160222195042.99D6C82323@gnosis.slac.com>
References: <20160222195042.99D6C82323@gnosis.slac.com>
Message-ID: <56CB68A4.1010900@hupie.com>

On 22/02/16 20:50, Joe Anakata wrote:
>
> On 22/02/16 19:16, Jason A. Donenfeld wrote:
>
>>> Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
>>> the plaintext git:// endpoint for cloning.
>
> Ferry Huberts Proclaimed Thus:
>
>> Yes, why?
>> What's the point?
>>
>> The repos are public, so cloning them over https brings nothing, except
>> extra overhead and server load.
>
> While pretty unlikely, in theory someone could MITM a git:// clone and
> send the user a hax0red branch of cgit with integrated botnet which
> the user then compiles and installs on their server.
>

That is a pretty unlikely and sophisticated attack vector, for admittedly
little gain. Someone with an existing clone can immediately see that things
are off.

It is a vector though, so if you really want to defend against it, then
just ignore my comments ;-)

> Not sure if the extra server load is worth it to defend against this
> case or not. (Also, presumably the server is using the cgit smart http
> endpoint so https clone is not much additional DATA, just the ssl
> handshake; but definitely additional cpu for crypto operations.)
>
> Thanks
> -Joe
> _______________________________________________
> CGit mailing list
> CGit at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/cgit
>

--
Ferry Huberts
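The point made above, that someone with an existing clone notices a substituted branch, rests on git's content addressing: every object id is a hash over the object's bytes, so a tampered blob changes its tree, its commit and every descendant id. The following is an added illustration written for this page, not code from the cgit project or from anyone in the thread. It reimplements git's object-id rule for blobs, trees and commits (files only, one directory level, fixed timestamps), and pairs it with a client-side check that compares the tip fetched over an unauthenticated transport against a commit id obtained out of band, for example from an existing clone or a signed release announcement. All file contents, names and messages are constructed sample data.

```python
"""Git object ids as a tamper check for clones over an unauthenticated transport.

Added example, not part of the cgit mailing-list thread. Models only blobs,
single-level trees of regular files, and commits with fixed timestamps; the
hashing rule (sha1 over "<type> <len>\\0" + payload) is git's actual rule.
"""
import hashlib
from typing import Dict, Optional


def git_object_id(obj_type: str, payload: bytes) -> str:
    """Git object id: sha1 of the type/length header followed by the payload."""
    header = f"{obj_type} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)


def tree_id(files: Dict[str, bytes]) -> str:
    """Tree of regular files (mode 100644): entries sorted by name, each
    '<mode> <name>\\0' followed by the 20 raw bytes of the blob id."""
    payload = b""
    for name in sorted(files):
        payload += f"100644 {name}\0".encode() + bytes.fromhex(blob_id(files[name]))
    return git_object_id("tree", payload)


def commit_id(tree: str, parent: Optional[str], author: str, message: str) -> str:
    """Commit object with a constant timestamp so ids are reproducible here."""
    lines = [f"tree {tree}"]
    if parent is not None:
        lines.append(f"parent {parent}")
    lines.append(f"author {author} 1456171200 +0100")
    lines.append(f"committer {author} 1456171200 +0100")
    body = "\n".join(lines) + "\n\n" + message + "\n"
    return git_object_id("commit", body.encode())


def verify_fetched_tip(fetched_tip: str, pinned_tip: str) -> bool:
    """Client-side check before building: the tip received over the wire must
    equal the id learned out of band (existing clone, signed tag, release note).
    A substituted branch cannot reproduce the pinned id without a SHA-1 collision."""
    return fetched_tip.strip().lower() == pinned_tip.strip().lower()


def demo() -> Dict[str, object]:
    """Constructed scenario: a genuine history and a tampered copy of it."""
    author = "Example Maintainer <maintainer@example.invalid>"  # constructed
    genuine_files = {"README": b"cgit sample\n", "build.sh": b"make\n"}
    tampered_files = dict(genuine_files)
    tampered_files["build.sh"] = b"make && ./not-part-of-the-project\n"  # constructed

    genuine_tip = commit_id(tree_id(genuine_files), None, author, "initial import")
    tampered_tip = commit_id(tree_id(tampered_files), None, author, "initial import")

    return {
        "genuine_tip": genuine_tip,
        "tampered_tip": tampered_tip,
        "genuine_passes": verify_fetched_tip(genuine_tip, genuine_tip),
        "tampered_passes": verify_fetched_tip(tampered_tip, genuine_tip),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check only helps on a machine that already knows a trusted tip; a first-time clone over git:// has nothing to compare against, which is the case the thread is weighing against the cost of TLS. The `blob_id` values match what `git hash-object` produces for the same bytes, so the pinned id can be taken straight from an existing clone.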