|
| From: | David A. Wheeler |
| Subject: | [savannah-help-public] [sr #109093] Support and require cloning via https:// instead of git://, http://, svn://, or other insecure transport |
| Date: | Sat, 30 Jul 2016 19:41:36 +0000 (UTC) |
| User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 |
Follow-up Comment #2, sr #109093 (project administration):
I agree, supporting HTTPS on the repo is critically important. This lack
makes it easy for someone to launch a MITM attack on the code supported by
Savannah.
Note that the Linux Foundation's "best practices" badge makes HTTPS a minimum
requirement:
<https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md#sites_https>.
What's the blocker? Is there anything that can be done to help? Savannah
already has the needed TLS certs, so I imagine that all that's needed is a
minor configuration change.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?109093>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |