| 1 |
On Sun, Mar 29, 2015 at 1:52 PM, Sebastian Pipping <sping@g.o> wrote: |
| 2 |
> On 29.03.2015 19:39, Andrew Savchenko wrote: |
| 3 |
>> On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote: |
| 4 |
>>> So I would like to propose that |
| 5 |
>>> |
| 6 |
>>> * support for Git access through https:// is activated, |
| 7 |
>>> |
| 8 |
>>> * Git access through http:// and git:// is deactivated, and |
| 9 |
>> |
| 10 |
>> Some people have https blocked. http:// and git:// must be |
| 11 |
>> available read-only. |
| 12 |
> |
| 13 |
> They would not do online banking over http, right? Why would they run |
| 14 |
> code with root privileges from http? |
| 15 |
> |
| 16 |
|
| 17 |
I don't see the point in disabling it. Certainly we should support |
| 18 |
ssl though. If people want to obtain their code over http they should |
| 19 |
be permitted to do so. Even without using ssl it is easy to just |
| 20 |
check that your commit hash is correct and it becomes as tamper-proof |
| 21 |
as sha1 (tell me again why the scm of the future is still using |
| 22 |
sha1?). |
| 23 |
|
| 24 |
-- |
| 25 |
Rich |
Archives