Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Mar 2019 07:24:35 +0530
From: vlse <vlse@...ra.biz>
To: musl@...ts.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc

Hi,

On Mon, Mar 25, 2019 at 09:37:06PM -0400, Rich Felker wrote:
> On Mon, Mar 25, 2019 at 08:17:26PM -0500, A. Wilcox wrote:
> > On 03/25/19 20:09, vlse wrote:
> > > Hello,
> > > 
> > > Would musl-libc support git access via smart HTTPS protocol.
> > > As git man page says as well as stackoverflow site that using git protocol
> > > is fine for lan operations.
> > > But for internet git access, either ssh or https smart protocol use
> > > is necessary to prevent man in the middle attack.
> > 
> > This is more an argument for signing commits so that they are
> > cryptographically provable.  HTTPS is trivial to MITM, especially for
> > the kind of actors that would care enough to MITM musl at all.
> > 
> > Threat models, people.
> 
> The request is reasonable. HTTPS is *not* "trivial to MITM", and
> essentially impossible to do so without detection and a trail of
> responsibility, especially now that CT logs are a thing. However,
> until breaking sha1 (much worse than it's broken now) is practical,
> you can also verify authenticity of a git repo via "git fsck" and a
> known good source of the commit hash (e.g. cgit over https).
> 

Yes. cgit over https. We need a secure start first.

> > > Please consider giving secure git access. Also smart http/s protocol
> > > is way better than dumb protocol. It avoids downloading too much data
> > > again and also shows progress and stats.
> > 
> > 
> > There is absolutely no difference in transmitted data between the Git
> > protocol and the HTTP Git transport, other than the useless overhead of
> > HTTP messages, which actually skews favour towards the Git protocol.
> > Also, the Git protocol is in my experience much much faster.
> > 
> > The Git transport definitely can show progress and stats, the same as
> > the HTTP transport:
> > 
> > awilcox on gwyn [pts/18 Mon 25 20:13] ~: git clone
> > git://git.musl-libc.org/musl
> > Cloning into 'musl'...
> > remote: Counting objects: 31396, done.
> > Receiving objects: 100% (31396/31396), 4.77 MiB | 3.17 MiB/s, done.
> > Resolving deltas: 100% (22605/22605), done.
> > 
> > Personally I would be okay with musl offering an HTTP(S) transport as an
> > option, but please do not take away the Git transport.  It is much
> > faster in my experience.  Every second wasted on stupid HTTP traffic is
> > a second of my life I can't get back.
> 
> Of course the git transport won't be taken away. I'd like to add https
> support, but I'm not sure how to do it without a nasty bloated httpd
> that would increase server resource requirements by 1-2 orders of
> magnitude. If anyone knows a way to hook up thttpd to it, I'll give it
> a try.

Nginx is bloat free I think. But perhaps not in comparison to thttpd.
I will look how to support cgit http/s with thttpd using a hook.

At skarnet.org, the author is using busybox httpd with cgi support and
cgit cgi hooks to give http/s git access.

> 
> Rich

Regards,
Veera

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.