1 |
On Sun, Mar 29, 2015 at 1:52 PM, Sebastian Pipping <sping@g.o> wrote: |
2 |
> On 29.03.2015 19:39, Andrew Savchenko wrote: |
3 |
>> On Sun, 29 Mar 2015 18:41:33 +0200 Sebastian Pipping wrote: |
4 |
>>> So I would like to propose that |
5 |
>>> |
6 |
>>> * support for Git access through https:// is activated, |
7 |
>>> |
8 |
>>> * Git access through http:// and git:// is deactivated, and |
9 |
>> |
10 |
>> Some people have https blocked. http:// and git:// must be |
11 |
>> available read-only. |
12 |
> |
13 |
> They would not do online banking over http, right? Why would they run |
14 |
> code with root privileges from http? |
15 |
> |
16 |
|
17 |
I don't see the point in disabling it. Certainly we should support |
18 |
ssl though. If people want to obtain their code over http they should |
19 |
be permitted to do so. Even without using ssl it is easy to just |
20 |
check that your commit hash is correct and it becomes as tamper-proof |
21 |
as sha1 (tell me again why the scm of the future is still using |
22 |
sha1?). |
23 |
|
24 |
-- |
25 |
Rich |