On 2016-01-08 16:43, Paul Tagliamonte wrote:
> Hey devel,
> We still have `git://` all over the place, for instance, on Vcs-Git on
> control files. That makes me sad. Boo insecure transports.
> `git://` is plaintext, and plaintext transports are bad.
> I'd like to suggest we move all Vcs-Git entries to either `https` or
> `ssh`.

Possibly also add a --secure flag to debcheckout so that git:// repos
are checked out using https:// if --secure is turned on? There exists
already an --auth flag which replaces git:// by git+ssh:// (also
configurable using the DEBCHECKOUT_AUTH_URLS environment variable).
The lintian flag is a good idea too.
--
Mehdi
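
A sketch of the kind of check discussed in this thread, as an added example that is not part of the original message and is not lintian or debcheckout code: it parses `debian/control`-style text and reports Vcs-Git fields that use a plaintext transport. The function names, the sample packages and hosts, and the choice to treat `http://` as insecure alongside `git://` are assumptions made for the example.

```python
import re

# Schemes treated as plaintext here (assumption: http:// is flagged like git://).
INSECURE_SCHEMES = {"git", "http"}

def vcs_git_fields(control_text):
    """Yield (source_package, url) for each Vcs-Git field in deb822 text."""
    for stanza in re.split(r"\n\s*\n", control_text.strip()):
        fields, last = {}, None
        for line in stanza.splitlines():
            if line.startswith("#"):
                continue  # comment line
            if line[:1] in (" ", "\t") and last:
                fields[last] += " " + line.strip()  # continuation line
            elif ":" in line:
                name, value = line.split(":", 1)
                last = name.strip().lower()
                fields[last] = value.strip()
        if fields.get("vcs-git"):
            # The value may carry "-b <branch>" after the URL; keep the URL only.
            yield fields.get("source", "?"), fields["vcs-git"].split()[0]

def insecure_vcs_git(control_text):
    """Return [(package, url)] whose Vcs-Git URL uses a plaintext scheme."""
    findings = []
    for package, url in vcs_git_fields(control_text):
        scheme = url.split("://", 1)[0].lower() if "://" in url else ""
        if scheme in INSECURE_SCHEMES:
            findings.append((package, url))
    return findings

# Constructed sample input (example.org hosts, not real packages).
SAMPLE = """\
Source: foo
Vcs-Git: git://git.example.org/foo.git -b debian/sid

Source: bar
Vcs-Git: https://git.example.org/bar.git

Source: baz
Vcs-Git:
 git+ssh://git.example.org/baz.git
"""

if __name__ == "__main__":
    for package, url in insecure_vcs_git(SAMPLE):
        print(f"{package}: insecure Vcs-Git transport: {url}")
```

The check only reports; it does not rewrite URLs, since the `https://` path for a repository is not always the `git://` path with the scheme swapped.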