Re: Supporting git access via smart HTTPS protocol for musl-libc

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: "A. Wilcox" <awilfox@adelielinux.org>
To: musl@lists.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Mon, 25 Mar 2019 20:17:26 -0500	[thread overview]
Message-ID: <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org> (raw)
In-Reply-To: <20190326010933.GC3713@localhost>

[-- Attachment #1.1: Type: text/plain, Size: 1986 bytes --]

On 03/25/19 20:09, vlse wrote:
> Hello,
> 
> Would musl-libc support git access via smart HTTPS protocol.
> As git man page says as well as stackoverflow site that using git protocol
> is fine for lan operations.
> But for internet git access, either ssh or https smart protocol use
> is necessary to prevent man in the middle attack.

This is more an argument for signing commits so that they are
cryptographically provable.  HTTPS is trivial to MITM, especially for
the kind of actors that would care enough to MITM musl at all.

Threat models, people.

> Please consider giving secure git access. Also smart http/s protocol
> is way better than dumb protocol. It avoids downloading too much data
> again and also shows progress and stats.

There is absolutely no difference in transmitted data between the Git
protocol and the HTTP Git transport, other than the useless overhead of
HTTP messages, which actually skews favour towards the Git protocol.
Also, the Git protocol is in my experience much much faster.

The Git transport definitely can show progress and stats, the same as
the HTTP transport:

awilcox on gwyn [pts/18 Mon 25 20:13] ~: git clone
git://git.musl-libc.org/musl
Cloning into 'musl'...
remote: Counting objects: 31396, done.
remote: Compressing objects: 100% (12589/12589), done.
remote: Total 31396 (delta 22605), reused 25698 (delta 18440)
Receiving objects: 100% (31396/31396), 4.77 MiB | 3.17 MiB/s, done.
Resolving deltas: 100% (22605/22605), done.

(It did show the progress as it was downloading, but since I am on a
fairly fast link, I couldn't copy it.)

Personally I would be okay with musl offering an HTTP(S) transport as an
option, but please do not take away the Git transport.  It is much
faster in my experience.  Every second wasted on stupid HTTP traffic is
a second of my life I can't get back.

--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
https://www.adelielinux.org

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

next prev parent reply	other threads:[~2019-03-26  1:17 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20190324103306.GB1830@localhost>
     [not found] ` <20190326003411.GC1872@localhost>
2019-03-26  1:09   ` vlse
2019-03-26  1:17     ` A. Wilcox [this message]
2019-03-26  1:37       ` Rich Felker
2019-03-26  1:54         ` vlse
2019-03-26  2:59           ` Rich Felker
2019-03-26 10:02             ` vlse
2019-03-26 10:36               ` Laurent Bercot
2019-03-26 15:04               ` Rich Felker
2019-03-26 15:09                 ` Drew DeVault
2019-03-26 15:13                   ` Rich Felker
2019-03-26 15:43                     ` Drew DeVault
2019-03-26 15:47                       ` Rich Felker
2019-03-26 15:57                         ` Drew DeVault
2019-03-26 17:57                           ` Rich Felker
2019-03-26 20:32                             ` A. Wilcox
2019-03-26 20:39                             ` Assaf Gordon
2019-03-26 22:02                               ` Rich Felker
2019-03-26 22:32                                 ` Assaf Gordon
2019-03-26 23:58                                   ` Rich Felker
2019-03-27  0:15                                     ` Rich Felker
2019-03-27  5:39                                       ` vlse
2019-03-27 17:26                                         ` Assaf Gordon
2019-03-27 17:41                                           ` Assaf Gordon
2019-04-03  6:42                                           ` vlse
2019-03-26 10:19             ` Jens Gustedt
2019-03-26 10:30               ` vlse
2019-03-26 14:59               ` Rich Felker
2019-03-26  1:43       ` vlse
2019-03-26  2:29         ` A. Wilcox

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org \
    --to=awilfox@adelielinux.org \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).