* [Qemu-devel] [PATCH 0/4] Use 'https://' instead of 'git://' @ 2018-10-31 8:43 Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 1/4] README: use " Stefan Hajnoczi ` (3 more replies) 0 siblings, 4 replies; 12+ messages in thread From: Stefan Hajnoczi @ 2018-10-31 8:43 UTC (permalink / raw) To: qemu-devel Cc: Jeff Cody, Markus Armbruster, Peter Maydell, Daniel Berrange, Stefan Hajnoczi Jeff Cody has enabled git smart HTTP support on qemu.org. From now on HTTPS is the preferred protocol because it adds some protection against man-in-the-middle when cloning a repo. This patch series updates git:// URLs and changes them to https://. The https:// URL format is: https://git.qemu.org/git/<project>.git The old git:// URL format was: git://git.qemu.org/<project>.git I have also update git://github.com/ URLs because GitHub also offers HTTPS. I have tested that submodules continue to work after the change to .gitmodules. Stefan Hajnoczi (4): README: use 'https://' instead of 'git://' get_maintainer: use 'https://' instead of 'git://' MAINTAINERS: use 'https://' instead of 'git://' for GitHub gitmodules: use 'https://' instead of 'git://' MAINTAINERS | 74 +++++++++++++++++++-------------------- .gitmodules | 34 +++++++++--------- README | 4 +-- pc-bios/README | 4 +-- scripts/get_maintainer.pl | 2 +- 5 files changed, 59 insertions(+), 59 deletions(-) -- 2.17.2 ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [PATCH 1/4] README: use 'https://' instead of 'git://' 2018-10-31 8:43 [Qemu-devel] [PATCH 0/4] Use 'https://' instead of 'git://' Stefan Hajnoczi @ 2018-10-31 8:43 ` Stefan Hajnoczi 2018-10-31 9:51 ` Daniel P. Berrangé 2018-10-31 8:43 ` [Qemu-devel] [PATCH 2/4] get_maintainer: " Stefan Hajnoczi ` (2 subsequent siblings) 3 siblings, 1 reply; 12+ messages in thread From: Stefan Hajnoczi @ 2018-10-31 8:43 UTC (permalink / raw) To: qemu-devel Cc: Jeff Cody, Markus Armbruster, Peter Maydell, Daniel Berrange, Stefan Hajnoczi When you clone the repository without previous commit history, 'git://' doesn't protect from man-in-the-middle attacks. HTTPS is more secure since the client verifies the server certificate. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- README | 4 ++-- pc-bios/README | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README b/README index 49a9fd09cd..441c33eb2f 100644 --- a/README +++ b/README @@ -54,7 +54,7 @@ Submitting patches The QEMU source code is maintained under the GIT version control system. - git clone git://git.qemu.org/qemu.git + git clone https://git.qemu.org/git/qemu.git When submitting patches, one common approach is to use 'git format-patch' and/or 'git send-email' to format & send the mail to the @@ -70,7 +70,7 @@ the QEMU website The QEMU website is also maintained under source control. - git clone git://git.qemu.org/qemu-web.git + git clone https://git.qemu.org/git/qemu-web.git https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/ A 'git-publish' utility was created to make above process less diff --git a/pc-bios/README b/pc-bios/README index 90f0fa7aa7..b572e9eb00 100644 --- a/pc-bios/README +++ b/pc-bios/README @@ -23,7 +23,7 @@ legacy x86 software to communicate with an attached serial console as if a video card were attached. The master sources reside in a subversion repository at http://sgabios.googlecode.com/svn/trunk. A git mirror is - available at git://git.qemu.org/sgabios.git. + available at https://git.qemu.org/git/sgabios.git. - The PXE roms come from the iPXE project. Built with BANNER_TIME 0. Sources available at http://ipxe.org. Vendor:Device ID -> ROM mapping: @@ -40,7 +40,7 @@ - The u-boot binary for e500 comes from the upstream denx u-boot project where it was compiled using the qemu-ppce500 target. - A git mirror is available at: git://git.qemu.org/u-boot.git + A git mirror is available at: https://git.qemu.org/git/u-boot.git The hash used to compile the current version is: 2072e72 - Skiboot (https://github.com/open-power/skiboot/) is an OPAL -- 2.17.2 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 1/4] README: use 'https://' instead of 'git://' 2018-10-31 8:43 ` [Qemu-devel] [PATCH 1/4] README: use " Stefan Hajnoczi @ 2018-10-31 9:51 ` Daniel P. Berrangé 0 siblings, 0 replies; 12+ messages in thread From: Daniel P. Berrangé @ 2018-10-31 9:51 UTC (permalink / raw) To: Stefan Hajnoczi; +Cc: qemu-devel, Jeff Cody, Markus Armbruster, Peter Maydell On Wed, Oct 31, 2018 at 08:43:06AM +0000, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > README | 4 ++-- > pc-bios/README | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [PATCH 2/4] get_maintainer: use 'https://' instead of 'git://' 2018-10-31 8:43 [Qemu-devel] [PATCH 0/4] Use 'https://' instead of 'git://' Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 1/4] README: use " Stefan Hajnoczi @ 2018-10-31 8:43 ` Stefan Hajnoczi 2018-10-31 9:52 ` Daniel P. Berrangé 2018-10-31 8:43 ` [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 4/4] gitmodules: use 'https://' instead of 'git://' Stefan Hajnoczi 3 siblings, 1 reply; 12+ messages in thread From: Stefan Hajnoczi @ 2018-10-31 8:43 UTC (permalink / raw) To: qemu-devel Cc: Jeff Cody, Markus Armbruster, Peter Maydell, Daniel Berrange, Stefan Hajnoczi When you clone the repository without previous commit history, 'git://' doesn't protect from man-in-the-middle attacks. HTTPS is more secure since the client verifies the server certificate. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- scripts/get_maintainer.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 43fb5f512f..fc7275b9e2 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -1376,7 +1376,7 @@ sub vcs_exists { warn("$P: No supported VCS found. Add --nogit to options?\n"); warn("Using a git repository produces better results.\n"); warn("Try latest git repository using:\n"); - warn("git clone git://git.qemu.org/qemu.git\n"); + warn("git clone https//git.qemu.org/git/qemu.git\n"); $printed_novcs = 1; } return 0; -- 2.17.2 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 2/4] get_maintainer: use 'https://' instead of 'git://' 2018-10-31 8:43 ` [Qemu-devel] [PATCH 2/4] get_maintainer: " Stefan Hajnoczi @ 2018-10-31 9:52 ` Daniel P. Berrangé 0 siblings, 0 replies; 12+ messages in thread From: Daniel P. Berrangé @ 2018-10-31 9:52 UTC (permalink / raw) To: Stefan Hajnoczi; +Cc: qemu-devel, Jeff Cody, Markus Armbruster, Peter Maydell On Wed, Oct 31, 2018 at 08:43:07AM +0000, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > scripts/get_maintainer.pl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub 2018-10-31 8:43 [Qemu-devel] [PATCH 0/4] Use 'https://' instead of 'git://' Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 1/4] README: use " Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 2/4] get_maintainer: " Stefan Hajnoczi @ 2018-10-31 8:43 ` Stefan Hajnoczi 2018-10-31 9:57 ` Daniel P. Berrangé ` (2 more replies) 2018-10-31 8:43 ` [Qemu-devel] [PATCH 4/4] gitmodules: use 'https://' instead of 'git://' Stefan Hajnoczi 3 siblings, 3 replies; 12+ messages in thread From: Stefan Hajnoczi @ 2018-10-31 8:43 UTC (permalink / raw) To: qemu-devel Cc: Jeff Cody, Markus Armbruster, Peter Maydell, Daniel Berrange, Stefan Hajnoczi When you clone the repository without previous commit history, 'git://' doesn't protect from man-in-the-middle attacks. HTTPS is more secure since the client verifies the server certificate. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- MAINTAINERS | 74 ++++++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index d794bd7a66..464f7f9338 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -74,7 +74,7 @@ S: Maintained L: qemu-trivial@nongnu.org K: ^Subject:.*(?i)trivial T: git git://git.corpit.ru/qemu.git trivial-patches -T: git git://github.com/vivier/qemu.git trivial-patches +T: git https://github.com/vivier/qemu.git trivial-patches Architecture support -------------------- @@ -98,7 +98,7 @@ F: pc-bios/s390-ccw.img F: target/s390x/ F: docs/vfio-ap.txt K: ^Subject:.*(?i)s390x? -T: git git://github.com/cohuck/qemu.git s390-next +T: git https://github.com/cohuck/qemu.git s390-next L: qemu-s390x@nongnu.org Guest CPU cores (TCG): @@ -295,7 +295,7 @@ F: tests/tcg/x86_64/ F: hw/i386/ F: disas/i386.c F: docs/qemu-cpu-models.texi -T: git git://github.com/ehabkost/qemu.git x86-next +T: git https://github.com/ehabkost/qemu.git x86-next Xtensa M: Max Filippov <jcmvbkbc@gmail.com> @@ -359,8 +359,8 @@ F: hw/intc/s390_flic.c F: hw/intc/s390_flic_kvm.c F: include/hw/s390x/s390_flic.h F: gdb-xml/s390*.xml -T: git git://github.com/cohuck/qemu.git s390-next -T: git git://github.com/borntraeger/qemu.git s390-next +T: git https://github.com/cohuck/qemu.git s390-next +T: git https://github.com/borntraeger/qemu.git s390-next L: qemu-s390x@nongnu.org X86 @@ -942,8 +942,8 @@ F: include/hw/s390x/ F: hw/watchdog/wdt_diag288.c F: include/hw/watchdog/wdt_diag288.h F: default-configs/s390x-softmmu.mak -T: git git://github.com/cohuck/qemu.git s390-next -T: git git://github.com/borntraeger/qemu.git s390-next +T: git https://github.com/cohuck/qemu.git s390-next +T: git https://github.com/borntraeger/qemu.git s390-next L: qemu-s390x@nongnu.org S390-ccw Bios @@ -952,7 +952,7 @@ M: Thomas Huth <thuth@redhat.com> S: Supported F: pc-bios/s390-ccw/ F: pc-bios/s390-ccw.img -T: git git://github.com/borntraeger/qemu.git s390-next +T: git https://github.com/borntraeger/qemu.git s390-next L: qemu-s390x@nongnu.org UniCore32 Machines @@ -1022,7 +1022,7 @@ S: Supported F: hw/core/machine.c F: hw/core/null-machine.c F: include/hw/boards.h -T: git git://github.com/ehabkost/qemu.git machine-next +T: git https://github.com/ehabkost/qemu.git machine-next Xtensa Machines --------------- @@ -1058,7 +1058,7 @@ F: tests/ide-test.c F: tests/ahci-test.c F: tests/cdrom-test.c F: tests/libqos/ahci* -T: git git://github.com/jnsnow/qemu.git ide +T: git https://github.com/jnsnow/qemu.git ide IPMI M: Corey Minyard <minyard@acm.org> @@ -1067,7 +1067,7 @@ F: include/hw/ipmi/* F: hw/ipmi/* F: hw/smbios/smbios_type_38.c F: tests/ipmi* -T: git git://github.com/cminyard/qemu.git master-ipmi-rebase +T: git https://github.com/cminyard/qemu.git master-ipmi-rebase Floppy M: John Snow <jsnow@redhat.com> @@ -1076,7 +1076,7 @@ S: Supported F: hw/block/fdc.c F: include/hw/block/fdc.h F: tests/fdc-test.c -T: git git://github.com/jnsnow/qemu.git ide +T: git https://github.com/jnsnow/qemu.git ide OMAP M: Peter Maydell <peter.maydell@linaro.org> @@ -1144,7 +1144,7 @@ S: Odd Fixes F: hw/net/ F: include/hw/net/ F: tests/virtio-net-test.c -T: git git://github.com/jasowang/qemu.git net +T: git https://github.com/jasowang/qemu.git net SCSI M: Paolo Bonzini <pbonzini@redhat.com> @@ -1153,7 +1153,7 @@ S: Supported F: include/hw/scsi/* F: hw/scsi/* F: tests/virtio-scsi-test.c -T: git git://github.com/bonzini/qemu.git scsi-next +T: git https://github.com/bonzini/qemu.git scsi-next SSI M: Peter Crosthwaite <crosthwaite.peter@gmail.com> @@ -1208,7 +1208,7 @@ S: Supported F: hw/vfio/ccw.c F: hw/s390x/s390-ccw.c F: include/hw/s390x/s390-ccw.h -T: git git://github.com/cohuck/qemu.git s390-next +T: git https://github.com/cohuck/qemu.git s390-next L: qemu-s390x@nongnu.org vfio-ap @@ -1247,7 +1247,7 @@ S: Supported F: hw/9pfs/ F: fsdev/ F: tests/virtio-9p-test.c -T: git git://github.com/gkurz/qemu.git 9p-next +T: git https://github.com/gkurz/qemu.git 9p-next virtio-blk M: Stefan Hajnoczi <stefanha@redhat.com> @@ -1256,7 +1256,7 @@ S: Supported F: hw/block/virtio-blk.c F: hw/block/dataplane/* F: tests/virtio-blk-test.c -T: git git://github.com/stefanha/qemu.git block +T: git https://github.com/stefanha/qemu.git block virtio-ccw M: Cornelia Huck <cohuck@redhat.com> @@ -1264,8 +1264,8 @@ M: Christian Borntraeger <borntraeger@de.ibm.com> S: Supported F: hw/s390x/virtio-ccw*.[hc] F: hw/s390x/vhost-vsock-ccw.c -T: git git://github.com/cohuck/qemu.git s390-next -T: git git://github.com/borntraeger/qemu.git s390-next +T: git https://github.com/cohuck/qemu.git s390-next +T: git https://github.com/borntraeger/qemu.git s390-next L: qemu-s390x@nongnu.org virtio-input @@ -1469,7 +1469,7 @@ F: migration/block* F: include/block/aio.h F: include/block/aio-wait.h F: scripts/qemugdb/aio.py -T: git git://github.com/stefanha/qemu.git block +T: git https://github.com/stefanha/qemu.git block Block SCSI subsystem M: Paolo Bonzini <pbonzini@redhat.com> @@ -1493,7 +1493,7 @@ F: block/commit.c F: block/stream.c F: block/mirror.c F: qapi/job.json -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block Block QAPI, monitor, command line M: Markus Armbruster <armbru@redhat.com> @@ -1515,8 +1515,8 @@ F: include/qemu/hbitmap.h F: include/block/dirty-bitmap.h F: tests/test-hbitmap.c F: docs/interop/bitmaps.rst -T: git git://github.com/famz/qemu.git bitmaps -T: git git://github.com/jnsnow/qemu.git bitmaps +T: git https://github.com/famz/qemu.git bitmaps +T: git https://github.com/jnsnow/qemu.git bitmaps Character device backends M: Paolo Bonzini <pbonzini@redhat.com> @@ -1640,7 +1640,7 @@ M: Jason Wang <jasowang@redhat.com> S: Maintained F: net/ F: include/net/ -T: git git://github.com/jasowang/qemu.git net +T: git https://github.com/jasowang/qemu.git net F: qapi/net.json Netmap network backend @@ -1656,7 +1656,7 @@ M: Eduardo Habkost <ehabkost@redhat.com> S: Maintained F: numa.c F: include/sysemu/numa.h -T: git git://github.com/ehabkost/qemu.git machine-next +T: git https://github.com/ehabkost/qemu.git machine-next Host Memory Backends M: Eduardo Habkost <ehabkost@redhat.com> @@ -1664,7 +1664,7 @@ M: Igor Mammedov <imammedo@redhat.com> S: Maintained F: backends/hostmem*.c F: include/sysemu/hostmem.h -T: git git://github.com/ehabkost/qemu.git machine-next +T: git https://github.com/ehabkost/qemu.git machine-next Cryptodev Backends M: Gonglei <arei.gonglei@huawei.com> @@ -1728,12 +1728,12 @@ F: qemu-ga.texi F: scripts/qemu-guest-agent/ F: tests/test-qga.c F: docs/interop/qemu-ga-ref.texi -T: git git://github.com/mdroth/qemu.git qga +T: git https://github.com/mdroth/qemu.git qga QOM M: Andreas Färber <afaerber@suse.de> S: Supported -T: git git://github.com/afaerber/qemu-cpu.git qom-next +T: git https://github.com/afaerber/qemu-cpu.git qom-next F: include/qom/ X: include/qom/cpu.h F: qom/ @@ -1793,7 +1793,7 @@ F: qemu-option-trace.texi F: scripts/tracetool.py F: scripts/tracetool/ F: docs/devel/tracing.txt -T: git git://github.com/stefanha/qemu.git tracing +T: git https://github.com/stefanha/qemu.git tracing TPM M: Stefan Berger <stefanb@linux.vnet.ibm.com> @@ -1806,7 +1806,7 @@ F: include/sysemu/tpm* F: qapi/tpm.json F: backends/tpm.c F: tests/*tpm* -T: git git://github.com/stefanberger/qemu-tpm.git tpm-next +T: git https://github.com/stefanberger/qemu-tpm.git tpm-next Checkpatch S: Odd Fixes @@ -2022,7 +2022,7 @@ M: Jeff Cody <jcody@redhat.com> L: qemu-block@nongnu.org S: Supported F: block/rbd.c -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block Sheepdog M: Liu Yuan <namei.unix@gmail.com> @@ -2031,14 +2031,14 @@ L: qemu-block@nongnu.org L: sheepdog@lists.wpkg.org S: Supported F: block/sheepdog.c -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block VHDX M: Jeff Cody <jcody@redhat.com> L: qemu-block@nongnu.org S: Supported F: block/vhdx* -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block VDI M: Stefan Weil <sw@weilnetz.de> @@ -2074,7 +2074,7 @@ M: Peter Lieven <pl@kamp.de> L: qemu-block@nongnu.org S: Maintained F: block/nfs.c -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block SSH M: Richard W.M. Jones <rjones@redhat.com> @@ -2082,21 +2082,21 @@ M: Jeff Cody <jcody@redhat.com> L: qemu-block@nongnu.org S: Supported F: block/ssh.c -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block CURL M: Jeff Cody <jcody@redhat.com> L: qemu-block@nongnu.org S: Supported F: block/curl.c -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block GLUSTER M: Jeff Cody <jcody@redhat.com> L: qemu-block@nongnu.org S: Supported F: block/gluster.c -T: git git://github.com/codyprime/qemu-kvm-jtc.git block +T: git https://github.com/codyprime/qemu-kvm-jtc.git block Null Block Driver M: Fam Zheng <famz@redhat.com> -- 2.17.2 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub 2018-10-31 8:43 ` [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub Stefan Hajnoczi @ 2018-10-31 9:57 ` Daniel P. Berrangé 2018-10-31 10:05 ` Cornelia Huck 2018-10-31 13:31 ` Eric Blake 2 siblings, 0 replies; 12+ messages in thread From: Daniel P. Berrangé @ 2018-10-31 9:57 UTC (permalink / raw) To: Stefan Hajnoczi; +Cc: qemu-devel, Jeff Cody, Markus Armbruster, Peter Maydell On Wed, Oct 31, 2018 at 08:43:08AM +0000, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > MAINTAINERS | 74 ++++++++++++++++++++++++++--------------------------- > 1 file changed, 37 insertions(+), 37 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub 2018-10-31 8:43 ` [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub Stefan Hajnoczi 2018-10-31 9:57 ` Daniel P. Berrangé @ 2018-10-31 10:05 ` Cornelia Huck 2018-10-31 13:31 ` Eric Blake 2 siblings, 0 replies; 12+ messages in thread From: Cornelia Huck @ 2018-10-31 10:05 UTC (permalink / raw) To: Stefan Hajnoczi; +Cc: qemu-devel, Peter Maydell, Jeff Cody, Markus Armbruster On Wed, 31 Oct 2018 08:43:08 +0000 Stefan Hajnoczi <stefanha@redhat.com> wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > MAINTAINERS | 74 ++++++++++++++++++++++++++--------------------------- > 1 file changed, 37 insertions(+), 37 deletions(-) Acked-by: Cornelia Huck <cohuck@redhat.com> ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub 2018-10-31 8:43 ` [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub Stefan Hajnoczi 2018-10-31 9:57 ` Daniel P. Berrangé 2018-10-31 10:05 ` Cornelia Huck @ 2018-10-31 13:31 ` Eric Blake 2018-11-02 12:36 ` Stefan Hajnoczi 2 siblings, 1 reply; 12+ messages in thread From: Eric Blake @ 2018-10-31 13:31 UTC (permalink / raw) To: Stefan Hajnoczi, qemu-devel; +Cc: Peter Maydell, Jeff Cody, Markus Armbruster On 10/31/18 3:43 AM, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > MAINTAINERS | 74 ++++++++++++++++++++++++++--------------------------- > 1 file changed, 37 insertions(+), 37 deletions(-) We should also do the same for maintainers using git://repo.or.cz: $ wget -S 'https://repo.or.cz/qemu/ericb.git/info/refs?service=git-upload-pack' 2>&1 | grep Content-Type Content-Type: application/x-git-upload-pack-advertisement For example, my entry would benefit from: diff --git i/MAINTAINERS w/MAINTAINERS index 3275cc6bbed..b4b6a5b5df1 100644 --- i/MAINTAINERS +++ w/MAINTAINERS @@ -2049,7 +2049,7 @@ F: include/block/nbd* F: qemu-nbd.* F: blockdev-nbd.c F: docs/interop/nbd.txt -T: git git://repo.or.cz/qemu/ericb.git nbd +T: git https://repo.or.cz/qemu/ericb.git nbd NFS M: Jeff Cody <jcody@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub 2018-10-31 13:31 ` Eric Blake @ 2018-11-02 12:36 ` Stefan Hajnoczi 0 siblings, 0 replies; 12+ messages in thread From: Stefan Hajnoczi @ 2018-11-02 12:36 UTC (permalink / raw) To: Eric Blake; +Cc: qemu-devel, Peter Maydell, Jeff Cody, Markus Armbruster [-- Attachment #1: Type: text/plain, Size: 696 bytes --] On Wed, Oct 31, 2018 at 08:31:09AM -0500, Eric Blake wrote: > On 10/31/18 3:43 AM, Stefan Hajnoczi wrote: > > When you clone the repository without previous commit history, 'git://' > > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > > since the client verifies the server certificate. > > > > Reported-by: Jann Horn <jannh@google.com> > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > > --- > > MAINTAINERS | 74 ++++++++++++++++++++++++++--------------------------- > > 1 file changed, 37 insertions(+), 37 deletions(-) > > We should also do the same for maintainers using git://repo.or.cz: Your wish is my command. Fixed in v2. Stefan [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 455 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [PATCH 4/4] gitmodules: use 'https://' instead of 'git://' 2018-10-31 8:43 [Qemu-devel] [PATCH 0/4] Use 'https://' instead of 'git://' Stefan Hajnoczi ` (2 preceding siblings ...) 2018-10-31 8:43 ` [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub Stefan Hajnoczi @ 2018-10-31 8:43 ` Stefan Hajnoczi 2018-10-31 10:01 ` Daniel P. Berrangé 3 siblings, 1 reply; 12+ messages in thread From: Stefan Hajnoczi @ 2018-10-31 8:43 UTC (permalink / raw) To: qemu-devel Cc: Jeff Cody, Markus Armbruster, Peter Maydell, Daniel Berrange, Stefan Hajnoczi When you clone the repository without previous commit history, 'git://' doesn't protect from man-in-the-middle attacks. HTTPS is more secure since the client verifies the server certificate. Also change git.qemu-project.org to git.qemu.org (we control both domain names but qemu.org is used more widely). Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- .gitmodules | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.gitmodules b/.gitmodules index a48d2a764c..6b91176098 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,51 +1,51 @@ [submodule "roms/seabios"] path = roms/seabios - url = git://git.qemu-project.org/seabios.git/ + url = https://git.qemu.org/git/seabios.git/ [submodule "roms/SLOF"] path = roms/SLOF - url = git://git.qemu-project.org/SLOF.git + url = https://git.qemu.org/git/SLOF.git [submodule "roms/ipxe"] path = roms/ipxe - url = git://git.qemu-project.org/ipxe.git + url = https://git.qemu.org/git/ipxe.git [submodule "roms/openbios"] path = roms/openbios - url = git://git.qemu-project.org/openbios.git + url = https://git.qemu.org/git/openbios.git [submodule "roms/openhackware"] path = roms/openhackware - url = git://git.qemu-project.org/openhackware.git + url = https://git.qemu.org/git/openhackware.git [submodule "roms/qemu-palcode"] path = roms/qemu-palcode - url = git://git.qemu.org/qemu-palcode.git + url = https://git.qemu.org/git/qemu-palcode.git [submodule "roms/sgabios"] path = roms/sgabios - url = git://git.qemu-project.org/sgabios.git + url = https://git.qemu.org/git/sgabios.git [submodule "dtc"] path = dtc - url = git://git.qemu-project.org/dtc.git + url = https://git.qemu.org/git/dtc.git [submodule "roms/u-boot"] path = roms/u-boot - url = git://git.qemu-project.org/u-boot.git + url = https://git.qemu.org/git/u-boot.git [submodule "roms/skiboot"] path = roms/skiboot - url = git://git.qemu.org/skiboot.git + url = https://git.qemu.org/git/skiboot.git [submodule "roms/QemuMacDrivers"] path = roms/QemuMacDrivers - url = git://git.qemu.org/QemuMacDrivers.git + url = https://git.qemu.org/git/QemuMacDrivers.git [submodule "ui/keycodemapdb"] path = ui/keycodemapdb - url = git://git.qemu.org/keycodemapdb.git + url = https://git.qemu.org/git/keycodemapdb.git [submodule "capstone"] path = capstone - url = git://git.qemu.org/capstone.git + url = https://git.qemu.org/git/capstone.git [submodule "roms/seabios-hppa"] path = roms/seabios-hppa - url = git://github.com/hdeller/seabios-hppa.git + url = https://github.com/hdeller/seabios-hppa.git [submodule "roms/u-boot-sam460ex"] path = roms/u-boot-sam460ex - url = git://git.qemu.org/u-boot-sam460ex.git + url = https://git.qemu.org/git/u-boot-sam460ex.git [submodule "tests/fp/berkeley-testfloat-3"] path = tests/fp/berkeley-testfloat-3 - url = git://github.com/cota/berkeley-testfloat-3 + url = https://github.com/cota/berkeley-testfloat-3 [submodule "tests/fp/berkeley-softfloat-3"] path = tests/fp/berkeley-softfloat-3 - url = git://github.com/cota/berkeley-softfloat-3 + url = https://github.com/cota/berkeley-softfloat-3 -- 2.17.2 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PATCH 4/4] gitmodules: use 'https://' instead of 'git://' 2018-10-31 8:43 ` [Qemu-devel] [PATCH 4/4] gitmodules: use 'https://' instead of 'git://' Stefan Hajnoczi @ 2018-10-31 10:01 ` Daniel P. Berrangé 0 siblings, 0 replies; 12+ messages in thread From: Daniel P. Berrangé @ 2018-10-31 10:01 UTC (permalink / raw) To: Stefan Hajnoczi; +Cc: qemu-devel, Jeff Cody, Markus Armbruster, Peter Maydell On Wed, Oct 31, 2018 at 08:43:09AM +0000, Stefan Hajnoczi wrote: > When you clone the repository without previous commit history, 'git://' > doesn't protect from man-in-the-middle attacks. HTTPS is more secure > since the client verifies the server certificate. > > Also change git.qemu-project.org to git.qemu.org (we control both domain > names but qemu.org is used more widely). > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > .gitmodules | 34 +++++++++++++++++----------------- > 1 file changed, 17 insertions(+), 17 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2018-11-02 12:52 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-10-31 8:43 [Qemu-devel] [PATCH 0/4] Use 'https://' instead of 'git://' Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 1/4] README: use " Stefan Hajnoczi 2018-10-31 9:51 ` Daniel P. Berrangé 2018-10-31 8:43 ` [Qemu-devel] [PATCH 2/4] get_maintainer: " Stefan Hajnoczi 2018-10-31 9:52 ` Daniel P. Berrangé 2018-10-31 8:43 ` [Qemu-devel] [PATCH 3/4] MAINTAINERS: use 'https://' instead of 'git://' for GitHub Stefan Hajnoczi 2018-10-31 9:57 ` Daniel P. Berrangé 2018-10-31 10:05 ` Cornelia Huck 2018-10-31 13:31 ` Eric Blake 2018-11-02 12:36 ` Stefan Hajnoczi 2018-10-31 8:43 ` [Qemu-devel] [PATCH 4/4] gitmodules: use 'https://' instead of 'git://' Stefan Hajnoczi 2018-10-31 10:01 ` Daniel P. Berrangé
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.