I apologise if I'm asking in the wrong place. Is it possible to clone/fetch from the notmuch git repositories (particularly https://git.notmuchmail.org/git/notmuch) over https rather than with the `git://' protocol? (None of the likely alternatives seem to work.) If not, would it be inconvenient for this to be enabled, as an option (if not the recommended one)? Having such an option would be valuable for the purposes of MELPA and MELPA stable (the Emacs package archives which provide an alternative, slightly controversial, way of installing the Notmuch Emacs interface). Since the scripts that build the package archives fetch from upstream sources (such as git://git.notmuchmail.org/git/notmuch) automatically (without human oversight or code inspection) and the `git://' protocol does not provide any authentication, there is currently no guarantee that when the MELPA server tries to connect to notmuchmail.org it's not actually being "Man-in-the-middled" by a malicious third party. As a result, it would be possible for such a third party to introduce some changes to the Elisp code, that would compromise the machines of any users who install the modified package. Using https would raise the bar, from anybody who can hijack the connection between MELPA and notmuchmail.org, to those who can compromise the SSL certificate chain. Thank you for your time and thank you for notmuch, Adam _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch