Re: git:// download of notmuch is currently broken

Subject: Re: git:// download of notmuch is currently broken

Date: Mon, 12 Aug 2024 08:48:58 +0200

Am So., 11. Aug. 2024 um 21:12 Uhr schrieb Tomi Ollila <tomi.ollila@iki.fi>:
>
> On Sat, Aug 10 2024, David Bremner wrote:
>
> > Apparently recent security related changes for git have broken our setup
> > for download of the notmuch repo via git:// protocol. I think not much
> > people use that, as it's been broken for months and nobody noticed until
> > recently.

I noticed, switched to https and went ahead.

> > Anyway, it's on my list of things to fix, but it's not really a
> > priority. I'd welcome _good_ reasons why people cannot switch to to
> > https, that might cause me to re-prioritize

Port-wise, https:// should be possible for even more people than git://

> I recall the git:// worked to pull 2024-06-15 14:54 -0300 Marc Fargas ...
>
> Since then this change
>
>   #url = git://notmuchmail.org/git/notmuch
>   url = http://git.notmuchmail.org/git/notmuch

Disabling git:// by default follows a step taken by github about 2
years ago. The point is that https:// is encrypted and the
authenticity of the server endpoint is checked "in the ssl sense".
Offering/using that via http works but defeats the purpose. [Also,
setting up https:// user authentication may or may not be easier than
ssh.]

Cheers
Michael
_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org

Previous message (by thread): Re: git:// download of notmuch is currently broken

Thread:

David Bremner—git:// download of notmuch is currently broken [inbox, unread]
- Tomi Ollila—Re: git:// download of notmuch is currently broken [inbox, unread]
  - Michael J Gruber—Re: git:// download of notmuch is currently broken [inbox, unread]