[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: .gitmodules security
From: |
Mike Frysinger |
Subject: |
Re: .gitmodules security |
Date: |
Sun, 6 Feb 2022 16:43:47 -0500 |
On 06 Feb 2022 14:59, Alex Ameen wrote:
> Hey, I can't claim to be an expert about this category of vulnerability;
> but I appreciate you raising this concern.
it requires more than a MITM to be successful. you'd also have to come up with
a sha1 collision which is non-trivial for most people. not out of the reach of
nation states, but we prob aren't the target market :p.
i'm not against changing to https of course, just providing a bit more color.
> So is your recommendation to use
> https://git.savannah.gnu.org/git/gnulib.git instead of
> git://git.sv.gnu.org/gnulib.git?
i'll note that just about every GNU project utilizes gnulib is using the git://
style. looks like gnulib itself only changed its advice about a year ago.
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?h=b7da35aebaeece97dd8946072952979bb67f8db2
-mike
signature.asc
Description: PGP signature
- .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Alex Ameen, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security,
Mike Frysinger <=
- Re: .gitmodules security, Vincent Lefevre, 2022/02/06
- Re: .gitmodules security, Mike Frysinger, 2022/02/06
- Re: .gitmodules security, Vincent Lefevre, 2022/02/07
- Re: .gitmodules security, Mike Frysinger, 2022/02/07
- Re: .gitmodules security, Vincent Lefevre, 2022/02/07
- Re: .gitmodules security, Mike Frysinger, 2022/02/11
- Re: .gitmodules security, Vincent Lefevre, 2022/02/11
- Re: .gitmodules security, Alex Ameen, 2022/02/13