GitHub's disabling of TLS pre-1.2 means that (purposefully) old dev/test boxes will switch from https:// to git:// for their git pulls. If GitHub continued to offer TLS 1.0/1.1 on a hostname called "insecure" or such, it'd send the same message without triggering such downgrades.
I guess you mean manually switch/fallback? Couldn't they configure https proxy with a proxy box that speaks TLS 1.2?
-
-
Yes, manually. Proxy is an option. Building newer SSL lib & rebuilding git is another option. Switching to git:// is a quicker option, and may very well be a better trade-off. It's rarely all about security, not even to me, and the use of https may have been opportunistic anyway.
-
Attack surface in the git client/data-model/protocol is probably more of a concern than repo integrity; the latter can be checked with git fsck if you know the hash you wanted until sha1 collisions become practical.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.