Re: [savannah-help-public] 502: Fetching FreeType
From: armin
Subject: Re: [savannah-help-public] 502: Fetching FreeType
Date: Mon, 20 Aug 2018 00:00:13 +0200
>> Jesus Christ ... I'm sorry to hear that! All the best with locking
>> them out, no worries, take all the time it takes + thanks for the update!
>
> You know how it goes. It is why we can't have nice things. :-(
*hug*
>> Just a quick question: do you think switching to git:// would help
>> (you and/or us)?
>
> If you are using http:// now then switching to git:// would seem to be
> equivalent. Should avoid the current brownout problem. Until and unless the
> attackers start hitting the git:// side of things too. Or instead of.
Alright, I'll try that then ... and ultimately saves a few clones (maybe up
to 100 on productive days) via the attack vector per day.
> (A lot of people consider both http:// and git:// insecure since they are not
> encrypted. But git uses SHA1 hashes through the chain. I think it would be
> very hard to change something in a way that isn't
> detected.)
Yeah cloning via http is bad anyways (I don't really know how that happened
tbh), about time to tackle that.
> At some point in the future probably only encrypted, authenticated, authorized
> protocols might be acceptable. Anonymity has challenges.
Using ssh is always somewhat of a hassle however (esp. in combination with
automated tools) ...
> It's a hostile world out there. (Have you read Lord of the Flies
> recently?)
Haha, it's been a while but yes, I get it, I agree.
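
The hash chain mentioned in the quoted text, as an added example that is not part of the original message: it recomputes git's SHA-1 object ids for a small history and shows that altering an old file changes the tip commit id even when the final tree is identical. The sample files, identity and the helper names (`head_of`, `verify_fetch`) are constructed for illustration, and only flat trees of regular files are modelled.

```python
import hashlib

def git_object_id(kind: bytes, body: bytes) -> str:
    # git names every object by SHA-1 over: <kind> SP <decimal length> NUL <body>
    header = kind + b" " + str(len(body)).encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content: bytes) -> str:
    return git_object_id(b"blob", content)

def tree_id(files: dict) -> str:
    # Flat tree: "<mode> <name>" NUL <raw 20-byte blob id>, entries sorted by name.
    body = b"".join(
        b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(data))
        for name, data in sorted(files.items())
    )
    return git_object_id(b"tree", body)

def commit_id(tree: str, parent, message: str) -> str:
    who = "Example Dev <dev@example.invalid> 1534716013 +0200"  # constructed identity
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")  # this line is what chains the history
    lines += [f"author {who}", f"committer {who}", "", message]
    return git_object_id(b"commit", ("\n".join(lines) + "\n").encode())

def head_of(history) -> str:
    # history: list of (files, message) snapshots, oldest first; returns the tip id.
    parent = None
    for files, message in history:
        parent = commit_id(tree_id(files), parent, message)
    return parent

def verify_fetch(history, pinned_tip: str) -> bool:
    # Accept fetched data only if its recomputed tip equals an id pinned beforehand.
    return head_of(history) == pinned_tip

# Constructed sample: TAMPERED alters only the first commit; the latest tree is unchanged.
GENUINE = [({"ft.c": b"int init(void) { return 0; }\n"}, "initial import"),
           ({"ft.c": b"int init(void) { return 0; }\n", "README": b"FreeType\n"},
            "add README")]
TAMPERED = [({"ft.c": b"int init(void) { return 1; }\n"}, "initial import"), GENUINE[1]]

if __name__ == "__main__":
    pinned = head_of(GENUINE)
    print("genuine :", head_of(GENUINE), verify_fetch(GENUINE, pinned))
    print("tampered:", head_of(TAMPERED), verify_fetch(TAMPERED, pinned))
```

The comparison only detects tampering when the pinned id was obtained over a channel the transport attacker does not control; a fresh clone over http:// or git:// with no pinned id has nothing to compare against.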