From mboxrd@z Thu Jan 1 00:00:00 1970
From: vlse
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Tue, 26 Mar 2019 07:13:46 +0530
Message-ID: <20190326014346.GA8855@localhost>
References: <20190324103306.GB1830@localhost> <20190326003411.GC1872@localhost> <20190326010933.GC3713@localhost> <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org>
In-Reply-To: <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com
Cc: awilfox@adelielinux.org
User-Agent: Mutt/1.4.2.3i

Hi,

On Mon, Mar 25, 2019 at 08:17:26PM -0500, A. Wilcox wrote:
> On 03/25/19 20:09, vlse wrote:
> > Hello,
> >
> > Would musl-libc support git access via smart HTTPS protocol.
> > As git man page says as well as stackoverflow site that using git protocol
> > is fine for lan operations.
> > But for internet git access, either ssh or https smart protocol use
> > is necessary to prevent man in the middle attack.
>
> This is more an argument for signing commits so that they are
> cryptographically provable. HTTPS is trivial to MITM, especially for
> the kind of actors that would care enough to MITM musl at all.
>

How is HTTPS trivial to MITM?
If we have secure certificates from the musl site, then MITM is not possible.
And many important transactions in the world depend on https.

> >
> > Please consider giving secure git access. Also smart http/s protocol
> > is way better than dumb protocol. It avoids downloading too much data
> > again and also shows progress and stats.
>
> There is absolutely no difference in transmitted data between the Git
> protocol and the HTTP Git transport, other than the useless overhead of
> HTTP messages, which actually skews favour towards the Git protocol.
> Also, the Git protocol is in my experience much much faster.
>

Yeah, I know the git protocol is faster. And http/s does have a little more overhead.
For HTTP/S there are two protocols, dumb and smart. And here in it are the differences.

>
> The Git transport definitely can show progress and stats, the same as
> the HTTP transport:
>
>
> awilcox on gwyn [pts/18 Mon 25 20:13] ~: git clone
> git://git.musl-libc.org/musl
> Cloning into 'musl'...
> remote: Counting objects: 31396, done.
> remote: Compressing objects: 100% (12589/12589), done.
>

I was not comparing http/s with the git protocol, but http/s smart with the http/s dumb protocol.
The dumb protocol does not show progress and stats.
Also, the dumb protocol of http/s has more overhead for a subsequent git pull or fetch.

>
> Personally I would be okay with musl offering an HTTP(S) transport as an
> option, but please do not take away the Git transport. It is much
> faster in my experience. Every second wasted on stupid HTTP traffic is
> a second of my life I can't get back.
>

I was not requesting to stop the git protocol.
All I wanted was the addition of the https smart protocol for additional security and safety for git access on the internet.

> --arw
> A. Wilcox (awilfox)
> Project Lead, Adélie Linux
> https://www.adelielinux.org
>

Regards,
Veera
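
The smart/dumb HTTP distinction discussed in this thread can be checked from a server's `info/refs?service=git-upload-pack` response. The following is an added example, not part of the original message or of any project's code: it classifies such a response and parses the ref advertisement, assuming the protocol v0/v1 format. The function names, the all-`1` object id and the sample bodies are constructed for illustration.

```python
import re

SMART_TYPE = "application/x-git-upload-pack-advertisement"
SHA_RE = re.compile(rb"[0-9a-f]{40}")

def pkt_line(payload: bytes) -> bytes:
    """Encode one pkt-line: 4 hex digits of total length, then the payload."""
    return b"%04x" % (len(payload) + 4) + payload

def parse_pkt_lines(body: bytes):
    """Yield each pkt-line payload; None marks a flush-pkt ("0000")."""
    pos = 0
    while pos < len(body):
        head = body[pos:pos + 4]
        if not re.fullmatch(rb"[0-9a-f]{4}", head):
            raise ValueError("bad pkt-line length at offset %d" % pos)
        size = int(head, 16)
        if size == 0:
            yield None
            pos += 4
            continue
        if size < 4 or pos + size > len(body):
            raise ValueError("truncated pkt-line at offset %d" % pos)
        yield body[pos + 4:pos + size]
        pos += size

def classify_info_refs(content_type: str, body: bytes):
    """Return ("smart" | "dumb", {refname: object id}) for an info/refs reply."""
    smart = content_type.split(";")[0].strip() == SMART_TYPE
    if smart:
        # A smart reply must start with a pkt-line whose payload begins "#".
        if not re.match(rb"[0-9a-f]{4}#", body):
            raise ValueError("smart content type without service pkt-line")
        pkts = list(parse_pkt_lines(body))
        if pkts[0] != b"# service=git-upload-pack\n":
            raise ValueError("unexpected service announcement")
        # Capabilities follow a NUL on the first ref line; drop them.
        lines = [p.split(b"\0", 1)[0] for p in pkts[1:] if p is not None]
        sep = b" "
    else:
        lines, sep = body.splitlines(), b"\t"   # dumb: "<id>\t<refname>"
    refs = {}
    for line in lines:
        sha, name = line.rstrip(b"\n").split(sep, 1)
        if not SHA_RE.fullmatch(sha):
            raise ValueError("malformed object id in advertisement")
        refs[name.decode()] = sha.decode()
    return ("smart" if smart else "dumb"), refs

# Constructed sample responses (not captured from any real server).
SAMPLE_ID = b"1" * 40
SMART_BODY = (pkt_line(b"# service=git-upload-pack\n") + b"0000"
              + pkt_line(SAMPLE_ID + b" HEAD\0multi_ack side-band-64k\n")
              + pkt_line(SAMPLE_ID + b" refs/heads/master\n") + b"0000")
DUMB_BODY = SAMPLE_ID + b"\trefs/heads/master\n"
```

Either transport only tells the client what the server advertises; verifying a signed tag or commit after the fetch is a separate check, as the quoted reply points out.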