Message ID | 20181031084309.9227-3-stefanha@redhat.com |
---|---|
State | New |
Headers | show |
Series | [1/4] README: use 'https://' instead of 'git://' | expand |
On Wed, Oct 31, 2018 at 08:43:07AM +0000, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > scripts/get_maintainer.pl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel
diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 43fb5f512f..fc7275b9e2 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -1376,7 +1376,7 @@ sub vcs_exists { warn("$P: No supported VCS found. Add --nogit to options?\n"); warn("Using a git repository produces better results.\n"); warn("Try latest git repository using:\n"); - warn("git clone git://git.qemu.org/qemu.git\n"); + warn("git clone https//git.qemu.org/git/qemu.git\n"); $printed_novcs = 1; } return 0;
When you clone the repository without previous commit history, 'git://' doesn't protect from man-in-the-middle attacks. HTTPS is more secure since the client verifies the server certificate. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- scripts/get_maintainer.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)