racket / racket-pkg-website

A frontend for the Racket Package Catalog.

Remove support for unencrypted git transports. (git:// and http://) #62

Closed technomancy closed 6 years ago

technomancy commented 6 years ago

Downloading executable code from a git repository that doesn't have encryption is inadvisable since it can be intercepted and replaced by a man-in-the-middle attacker. GitHub recommends doing clones over HTTPS, and according to mflatt even if you request the git:// transport it will be ignored and https:// is used behind the scenes anyway, so we shouldn't claim to support it.

It may make sense to allow SSH connections as well as HTTPS, but I don't think the "transport" drop-down is a good idea for this since you need to specify a username when making an SSH connection.
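
As an added illustration of the point above (not code from this issue or from racket-pkg-website, which is written in Racket): a Python checker that classifies a git package source by transport, refuses the cleartext git:// and http:// forms, accepts https:// and SSH (including the scp-like git@host:path form, which carries the username a transport dropdown cannot express), and for a legacy git:// entry shows the rewrite to https:// that a front end would do openly rather than silently advertise git:// support. The function names, the Verdict type and the sample URLs are assumptions made for the example.

```python
"""Transport checks for git package sources: refuse cleartext git:// and http://.

Illustrative code written for this thread; not racket-pkg-website's own code.
Names (classify, upgrade_to_https, Verdict) and sample URLs are assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class Verdict:
    scheme: str      # transport as written, lower-cased ("" if none)
    encrypted: bool  # transport authenticates the server and encrypts the stream
    accepted: bool   # a catalog front end should accept this source
    reason: str


# Transports that authenticate the server and encrypt the stream.
ENCRYPTED = {"https", "ssh", "git+ssh", "git+https"}
# Transports that carry the repository in the clear: an on-path attacker can
# replace refs, objects or whole packfiles and the client has no way to notice.
CLEARTEXT = {"git", "http", "git+http", "ftp"}

# scp-like syntax "user@host:path" has no scheme; git treats it as SSH.
_SCP_LIKE = re.compile(r"^(?P<user>[^@/:\s]+)@(?P<host>[^:/\s]+):(?P<path>\S+)$")


def classify(url: str) -> Verdict:
    """Decide whether a git source URL uses an encrypted, authenticated transport."""
    url = url.strip()
    m = _SCP_LIKE.match(url)
    if m:
        return Verdict("ssh", True, True, f"scp-like SSH syntax, user {m['user']!r}")
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if not scheme:
        return Verdict("", False, False, "no scheme; refusing to guess a transport")
    if scheme in CLEARTEXT:
        return Verdict(scheme, False, False,
                       "cleartext transport; code can be intercepted and replaced")
    if scheme in ENCRYPTED:
        if scheme in ("ssh", "git+ssh") and not parts.username:
            # SSH needs a username (usually "git"); the URL form must carry it.
            return Verdict(scheme, True, False, "SSH source without a username")
        if not parts.hostname:
            return Verdict(scheme, True, False, "no host in URL")
        return Verdict(scheme, True, True, "encrypted, server-authenticated transport")
    return Verdict(scheme, False, False, f"unknown transport {scheme!r}")


def upgrade_to_https(url: str) -> str:
    """Rewrite a git:// or http:// source to https:// on the same host and path.

    Only valid when the host serves the same repository over HTTPS (GitHub does).
    A front end that does this should say so, not claim to support git://.
    """
    url = url.strip()
    verdict = classify(url)
    if verdict.accepted:
        return url
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme in ("git", "http"):
        netloc = parts.hostname or ""
        # git:// speaks to the git daemon on 9418; that port means nothing to HTTPS.
        if parts.port is not None and not (scheme == "git" and parts.port == 9418):
            netloc = f"{netloc}:{parts.port}"
        if parts.username:
            netloc = f"{parts.username}@{netloc}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
    raise ValueError(f"cannot upgrade {url!r}: {verdict.reason}")


def audit(urls):
    """Return (url, reason) for every source a front end should refuse."""
    return [(u, classify(u).reason) for u in urls if not classify(u).accepted]


if __name__ == "__main__":
    # Constructed sample sources; not taken from the real catalog.
    samples = [
        "git://github.com/racket/racket-pkg-website",
        "http://github.com/racket/racket-pkg-website",
        "https://github.com/racket/racket-pkg-website.git",
        "git@github.com:racket/racket-pkg-website.git",
        "ssh://github.com/racket/racket-pkg-website.git",
    ]
    for url, reason in audit(samples):
        print(f"refuse  {url}  ({reason})")
    print("rewrite", upgrade_to_https(samples[0]))
```

`classify` reports the SSH-without-username case separately from the cleartext cases: the transport is fine, the URL is just unusable, which is the reason a free-text source field beats a transport dropdown for SSH.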

technomancy commented 6 years ago

Any thoughts on this?

jeapostrophe commented 6 years ago

I think it is a good idea and will merge it shortly.

technomancy commented 6 years ago

Thanks!