Closed eighthave closed 6 years ago
Since git does not always verify the commits it downloads
Won't the submodule checkout fail if git receives something that doesn't correspond to the SHA1 hashes that are stored for each submodule in the main repo?
Since git does not always verify the commits it downloads, submodules should always use HTTPS in order to improve the security of the build process.