search

openscad / MCAD

OpenSCAD Parametric CAD Library (LGPL 2.1)
http://reprap.org/wiki/MCAD
578 stars 192 forks source link

use https for submodules #34

Closed l29ah closed 6 years ago

hyperair commented 6 years ago

Why, though?

l29ah commented 6 years ago

On Tue, Dec 26, 2017 at 04:46:29PM +0000, Chow Loong Jin wrote:

Why, though?

To avoid the MITM vulnerability.

-- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

hyperair commented 6 years ago

I don't think there's much chance for active MITM here (commit SHAs of submodules are stored in the tree of the parent repo), but I guess there's no harm in accepting this. Pushing over https is annoying, but cloning over https isn't too bad.

l29ah commented 6 years ago

On Tue, Dec 26, 2017 at 08:59:08AM -0800, Chow Loong Jin wrote:

I don't think there's much chance for active MITM here (commit SHAs of submodules are stored in the tree of the parent repo), but I guess there's no harm in accepting this. Pushing over https is annoying, but cloning over https isn't too bad.

Sounds legit. Gentoo is complaining anyway when it recursively fetches git repos for building :/

-- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments