Closed julianbrost closed 7 years ago
This is already user configurable. Those who care to switch, can do so.
asp uses the insecure option by default which really is a bad idea IMHO as software should be secure by default.
The technical reason this isn't done is because git's http transport was previously inferior to the git transport. I don't see these deficiencies any longer.
The git protocol provides no authentication and thus is vulnerable to man-in-the-middle attacks. git.archlinux.org supports cloning via HTTPS so please use that by default.