From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14001 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc Date: Mon, 25 Mar 2019 21:37:06 -0400 Message-ID: <20190326013706.GV23599@brightrain.aerifal.cx> References: <20190324103306.GB1830@localhost> <20190326003411.GC1872@localhost> <20190326010933.GC3713@localhost> <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org> Reply-To: musl@lists.openwall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="144314"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Mutt/1.5.21 (2010-09-15) To: musl@lists.openwall.com Original-X-From: musl-return-14017-gllmg-musl=m.gmane.org@lists.openwall.com Tue Mar 26 02:37:22 2019 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.89) (envelope-from ) id 1h8b1l-000bTZ-K9 for gllmg-musl@m.gmane.org; Tue, 26 Mar 2019 02:37:21 +0100 Original-Received: (qmail 9907 invoked by uid 550); 26 Mar 2019 01:37:19 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 9888 invoked from network); 26 Mar 2019 01:37:18 -0000 Content-Disposition: inline In-Reply-To: <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org> Original-Sender: Rich Felker Xref: news.gmane.org gmane.linux.lib.musl.general:14001 Archived-At: On Mon, Mar 25, 2019 at 08:17:26PM -0500, A. Wilcox wrote: > On 03/25/19 20:09, vlse wrote: > > Hello, > > > > Would musl-libc support git access via smart HTTPS protocol. > > As git man page says as well as stackoverflow site that using git protocol > > is fine for lan operations. > > But for internet git access, either ssh or https smart protocol use > > is necessary to prevent man in the middle attack. > > This is more an argument for signing commits so that they are > cryptographically provable. HTTPS is trivial to MITM, especially for > the kind of actors that would care enough to MITM musl at all. > > Threat models, people. The request is reasonable. HTTPS is *not* "trivial to MITM", and essentially impossible to do so without detection and a trail of responsibility, especially now that CT logs are a thing. However, until breaking sha1 (much worse than it's broken now) is practical, you can also verify authenticity of a git repo via "git fsck" and a known good source of the commit hash (e.g. cgit over https). > > Please consider giving secure git access. Also smart http/s protocol > > is way better than dumb protocol. It avoids downloading too much data > > again and also shows progress and stats. > > > There is absolutely no difference in transmitted data between the Git > protocol and the HTTP Git transport, other than the useless overhead of > HTTP messages, which actually skews favour towards the Git protocol. > Also, the Git protocol is in my experience much much faster. > > The Git transport definitely can show progress and stats, the same as > the HTTP transport: > > awilcox on gwyn [pts/18 Mon 25 20:13] ~: git clone > git://git.musl-libc.org/musl > Cloning into 'musl'... > remote: Counting objects: 31396, done. > remote: Compressing objects: 100% (12589/12589), done. > remote: Total 31396 (delta 22605), reused 25698 (delta 18440) > Receiving objects: 100% (31396/31396), 4.77 MiB | 3.17 MiB/s, done. > Resolving deltas: 100% (22605/22605), done. > > > (It did show the progress as it was downloading, but since I am on a > fairly fast link, I couldn't copy it.) > > Personally I would be okay with musl offering an HTTP(S) transport as an > option, but please do not take away the Git transport. It is much > faster in my experience. Every second wasted on stupid HTTP traffic is > a second of my life I can't get back. Of course the git transport won't be taken away. I'd like to add https support, but I'm not sure how to do it without a nasty bloated httpd that would increase server resource requirements by 1-2 orders of magnitude. If anyone knows a way to hook up thttpd to it, I'll give it a try. Rich