Date: Mon, 25 Mar 2019 22:59:37 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc On Tue, Mar 26, 2019 at 07:24:35AM +0530, vlse wrote: > Hi, > > On Mon, Mar 25, 2019 at 09:37:06PM -0400, Rich Felker wrote: > > On Mon, Mar 25, 2019 at 08:17:26PM -0500, A. Wilcox wrote: > > > On 03/25/19 20:09, vlse wrote: > > > > Hello, > > > > > > > > Would musl-libc support git access via smart HTTPS protocol. > > > > As git man page says as well as stackoverflow site that using git protocol > > > > is fine for lan operations. > > > > But for internet git access, either ssh or https smart protocol use > > > > is necessary to prevent man in the middle attack. > > > > > > This is more an argument for signing commits so that they are > > > cryptographically provable. HTTPS is trivial to MITM, especially for > > > the kind of actors that would care enough to MITM musl at all. > > > > > > Threat models, people. > > > > The request is reasonable. HTTPS is *not* "trivial to MITM", and > > essentially impossible to do so without detection and a trail of > > responsibility, especially now that CT logs are a thing. However, > > until breaking sha1 (much worse than it's broken now) is practical, > > you can also verify authenticity of a git repo via "git fsck" and a > > known good source of the commit hash (e.g. cgit over https). > > > > Yes. cgit over https. We need a secure start first. > > > > > Please consider giving secure git access. Also smart http/s protocol > > > > is way better than dumb protocol. It avoids downloading too much data > > > > again and also shows progress and stats. > > > > > > > > > There is absolutely no difference in transmitted data between the Git > > > protocol and the HTTP Git transport, other than the useless overhead of > > > HTTP messages, which actually skews favour towards the Git protocol. > > > Also, the Git protocol is in my experience much much faster. > > > > > > The Git transport definitely can show progress and stats, the same as > > > the HTTP transport: > > > > > > awilcox on gwyn [pts/18 Mon 25 20:13] ~: git clone > > > git://git.musl-libc.org/musl > > > Cloning into 'musl'... > > > remote: Counting objects: 31396, done. > > > Receiving objects: 100% (31396/31396), 4.77 MiB | 3.17 MiB/s, done. > > > Resolving deltas: 100% (22605/22605), done. > > > > > > Personally I would be okay with musl offering an HTTP(S) transport as an > > > option, but please do not take away the Git transport. It is much > > > faster in my experience. Every second wasted on stupid HTTP traffic is > > > a second of my life I can't get back. > > > > Of course the git transport won't be taken away. I'd like to add https > > support, but I'm not sure how to do it without a nasty bloated httpd > > that would increase server resource requirements by 1-2 orders of > > magnitude. If anyone knows a way to hook up thttpd to it, I'll give it > > a try. > > Nginx is bloat free I think. But perhaps not in comparison to thttpd. > I will look how to support cgit http/s with thttpd using a hook. > > At skarnet.org, the author is using busybox httpd with cgi support and > cgit cgi hooks to give http/s git access. OK, that sounds promising. If it can be done with cgi, it should be easy to setup, assuming the git client is forgiving of thttpd's slightly non-conforming cgi behavior regarding headers. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.