[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: .gitmodules security
From: |
Vincent Lefevre |
Subject: |
Re: .gitmodules security |
Date: |
Sun, 6 Feb 2022 21:26:30 +0100 |
User-agent: |
Mutt/2.1.5+134 (92686e5d) vl-138565 (2022-02-02) |
On 2022-02-06 21:22:11 +0100, Vincent Lefevre wrote:
> The .gitmodules file contains:
>
> [submodule "gnulib"]
> path = gnulib
> url = git://git.sv.gnu.org/gnulib.git
> [submodule "bootstrap"]
> path = gl-mod/bootstrap
> url = https://github.com/gnulib-modules/bootstrap.git
>
> but AFAIK, there is no host authentication done with the "git:"
> protocol, so that this is vulnerable to MitM attacks.
>
> How about changing this to https?
Additional details: i.e. https://git.savannah.gnu.org/git/gnulib.git
according to what is described on
https://www.gnu.org/software/gnulib/
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
- .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security,
Vincent Lefevre <=
- Re: .gitmodules security, Alex Ameen, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Mike Frysinger, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Mike Frysinger, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/07
- Re: .gitmodules security, Mike Frysinger, 2022/02/07
- Re: .gitmodules security, Vincent Lefevre, 2022/02/07
- Re: .gitmodules security, Mike Frysinger, 2022/02/11
- Re: .gitmodules security, Vincent Lefevre, 2022/02/11