[Dune-devel] HTTPS for authenticated Git
Steffen Müthing
steffen.muething at iwr.uni-heidelberg.de
Wed Aug 14 12:15:03 CEST 2013
Hi everybody,
as I've posted over on the general list, we now have Git (and everything else) over HTTPS without annoying warnings
saying "This website will make your computer explode!".
Now the question is: Do we make it mandatory for those parts that require a login? For Flyspray, we would have to
completely switch to HTTPS because it uses form- and cookie-based authentication. I'd say go ahead on that one.
For Git, the situation is slightly different. In that case, the easiest setup would be to flat out reject any authenticated
access over unencrypted HTTP and serve a 403 forbidden response. That would force every developer to manually
adjust their remote URLs in the repository configs. I really don't care either way on that one - it improves security, but
is a (one-time) hassle for all developers. Opinions?
Best,
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dune-project.org/pipermail/dune-devel/attachments/20130814/d05a3336/attachment.sig>
More information about the Dune-devel
mailing list