[PATCH] Clone anonymously, authenticate for pushing
Pavol Babincak
pbabinca at redhat.com
Fri Sep 26 15:16:08 UTC 2014
On 07/23/2014 04:36 PM, Mathieu Bridon wrote:
> On Wed, 2014-07-23 at 10:14 -0400, Ralph Bean wrote:
>> On Wed, Jul 23, 2014 at 07:41:19AM -0500, Rex Dieter wrote:
>>> On 07/23/2014 07:33 AM, Mathieu Bridon wrote:
>>>> This change makes the --anonymous/-a options completely unnecessary:
>>>> - clones are now always done anonymously
>>>> - pushes now always require authentication
>>>
>>> Thanks! For me, this would be a very welcome improvement.
>>
>> Agreed! I've seen new people get bit by it more than once when they
>> just want to look around and learn.
>
> We just discussed this in #fedora-releng, and tyll pointed out that
> someone could intercept and modify the contents of the repository while
> it being cloned, because the git protocol is not encrypted.
>
> As a result, someone could add bad commits on top of the latest HEAD
> from Dist Git, I'd get them when cloning, and if I don't pay attention I
> could end up pushing them back.
>
> Not sure that's a real threat, but it could mean this patch is not such
> a great idea after all. :-/
>
>
I discussed this issue with Till on Flock too. We might allow anonymous
clones and keep them safe by dropping git protocol completely and use
https instead. But this would probably require separate domain name
because we already use https and use client certificates to authenticate
people.
--
Pavol Babincak
Release Engineering, Red Hat
More information about the rel-eng
mailing list