[SSL Observatory] Observatory source code available via git
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri May 13 09:35:46 PDT 2011
On 05/13/2011 09:55 AM, Matt McCutchen wrote:
> As I'm sure those on this list will appreciate, the git: scheme provides
> no integrity protection. Running the "smart" protocol over https: would
> be a better choice.
As long as you are pulling (and properly verifying) signed tags, the
git:// scheme provides entirely reasonable integrity protection.
TLS is not the only mechanism for guaranteeing data integrity.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110513/8557847c/attachment.sig>
More information about the Observatory
mailing list