[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27795: Issues with upstream source for guile-emacs
|
From: |
Leo Famulari |
|
Subject: |
bug#27795: Issues with upstream source for guile-emacs |
|
Date: |
Sun, 23 Jul 2017 12:05:22 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Sun, Jul 23, 2017 at 04:22:06PM +0200, Ricardo Wurmus wrote:
>
> Ricardo Wurmus <address@hidden> writes:
>
> > Leo Famulari <address@hidden> writes:
> >
> >> While working on the bug 'Changing package source URLs from git:// to
> >> https://' [0], I noticed an issue with the sources for guile-emacs.
> >>
> >> We currently fetch this source code over the unauthenticated GIT
> >> protocol. It is also available over HTTPS. However, these two protocols
> >> are returning different Git repos for some reason.
> >
> > The clone times out for me:
> >
> > --8<---------------cut here---------------start------------->8---
> > git clone https://git.hcoop.net/git/bpt/emacs.git guile-emacs-over-https
> > Cloning into 'guile-emacs-over-https'...
> > ^C
> > --8<---------------cut here---------------end--------------->8---
> >
> > But the clone from git:// works fine.
> >
> > Is the repository actually served over HTTPS?
>
> Don’t mind me. It eventually worked. The repositories have different
> histories, and the https-repo looks like it is two commits behind.
> Looks like an older rebase.
>
> I’d say we should leave it with the current git:// URL.
The thing is, since the git:// protocol is unauthenticated, we could
assume that those extra two commits are added by a MitM :/
Somebody who is interested in guile-emacs should really ask upstream
what is going on.
signature.asc
Description: PGP signature