Skip to content

Commit

Permalink
documentation: add git:// transport security notice
Browse files Browse the repository at this point in the history 
The fact that the git:// transport does no authentication is easily
overlooked.  For example, DNS poisoning may result in fetching from
somewhere that was not intended.

Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
with caution on unsecured networks.

Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information
Fraser Tweedale authored and Junio C Hamano committed Jun 26, 2013
1 parent c0add30 commit 2061801
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions Documentation/urls.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for fetching
and pushing, but these are inefficient and deprecated; do not use
them).

The native transport (i.e. git:// URL) does no authentication and
should be used with caution on unsecured networks.

The following syntaxes may be used with them:

- ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/
Expand Down

0 comments on commit 2061801

Please sign in to comment.