undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

documentation: add git:// transport security notice

Browse Source 
The fact that the git:// transport does no authentication is easily
overlooked.  For example, DNS poisoning may result in fetching from
somewhere that was not intended.

Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
with caution on unsecured networks.

Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Fraser Tweedale 2013-06-26 15:53:59 +10:00 committed by Junio C Hamano
parent c0add3073a
commit 20618016df
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Documentation/urls.txt
View File

@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for fetching
and pushing, but these are inefficient and deprecated; do not use
them).
The native transport (i.e. git:// URL) does no authentication and
should be used with caution on unsecured networks.
The following syntaxes may be used with them:
- ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/