search

tpope / vim-pathogen

pathogen.vim: manage your runtimepath
http://www.vim.org/scripts/script.php?script_id=2332
Vim License
12.12k stars 1.16k forks source link

Do not recommend the use unauthenticated git cloning #179

Closed ypid closed 7 years ago

ypid commented 7 years ago

The README gives an example like this:

cd ~/.vim/bundle && \
git clone git://github.com/tpope/vim-sensible.git

which should really be:

cd ~/.vim/bundle && \
git clone https://github.com/tpope/vim-sensible.git

The problem is that the git protocol has no message authentication.

This issue seems to also effect your Vim plugins.

tpope commented 7 years ago

It's actually been on my todo list to replace all my URLs with a hosting agnostic redirect. Something like

git clone https://tpope.io/vim/sensible.git
ypid commented 7 years ago

It's actually been on my todo list to replace all my URLs with a hosting agnostic redirect.

Sounds good. In that case you could maybe even completely self host the mirror instead of redirecting?