From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58486) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gHnAF-0003hY-Dn for qemu-devel@nongnu.org; Wed, 31 Oct 2018 05:51:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gHnA9-0000dU-Gs for qemu-devel@nongnu.org; Wed, 31 Oct 2018 05:51:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54230) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gHnA9-0000R8-AM for qemu-devel@nongnu.org; Wed, 31 Oct 2018 05:51:45 -0400 Date: Wed, 31 Oct 2018 09:51:25 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Message-ID: <20181031095125.GB9625@redhat.com> Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= References: <20181031084309.9227-1-stefanha@redhat.com> <20181031084309.9227-2-stefanha@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20181031084309.9227-2-stefanha@redhat.com> Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH 1/4] README: use 'https://' instead of 'git://' List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Hajnoczi Cc: qemu-devel@nongnu.org, Jeff Cody , Markus Armbruster , Peter Maydell On Wed, Oct 31, 2018 at 08:43:06AM +0000, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. >=20 > Reported-by: Jann Horn > Signed-off-by: Stefan Hajnoczi > --- > README | 4 ++-- > pc-bios/README | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) Reviewed-by: Daniel P. Berrang=C3=A9 Regards, Daniel --=20 |: https://berrange.com -o- https://www.flickr.com/photos/dberran= ge :| |: https://libvirt.org -o- https://fstop138.berrange.c= om :| |: https://entangle-photo.org -o- https://www.instagram.com/dberran= ge :|