just noted: while @sourceforge uses HTTPS for its webpage now, there's no secure git cloning option. only http:// + git://
While ugly and perhaps buggy, confirming hash via web ui over https and using git fsck is, in theory, secure cloning.
-
-
don't... reminds me of people telling me "you can check the pgp sig". baseline security should happen automatically
-
I agree it's unacceptable security UX; just meant you can work around it in a pinch.
-
Hey guys, we've just enabled https for git and svn cloning. Thanks for bringing that to our attention.
-
thanks, that's good. however: You still default to git:// and you still call the https-variant "HTTP".
-
I think the insecure git://-protocol shouldn't be advertised (maybe still offered for compatibility)
-
This is now updated too.
End of conversation
New conversation -
-
-
Also modulo sha1 weakness, of course.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.