[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Notice of upcoming changes to the behaviour of the anongit network
From:       Ben Cooksley <bcooksley () kde ! org>
Date:       2020-04-13 9:23:22
Message-ID: CA+XidOGEUTHRm8-yQ4=fCxMaGpBA11pPPBRqk-AogiEtpYiyeg () mail ! gmail ! com
[Download RAW message or body]

On Mon, Apr 13, 2020 at 2:24 PM Ian Wadham <iandw.au@gmail.com> wrote:
>
> Hi Ben,

Hi Ian,

>
> > On 11 Apr 2020, at 8:14 pm, Ben Cooksley <bcooksley@kde.org> wrote:
> >
> > Hi all,
> >
> > As part of the preparations for the move to Gitlab, and the rewrite of
> > our anongit tooling, one of the things we have looked into is how the
> > anongit network in general operates.
> >
> > As part of this, it has been observed that the git:// protocol is
> > unencrypted, and thus vulnerable to intercept and manipulation by
> > hostile actors.
> >
> > We have therefore decided that support for the git:// protocol to
> > access KDE Git repositories will cease following our migration to
> > Gitlab.
> >
> > Going forward, all anonymous access should take place instead over
> > https, which is encrypted, and has the added benefit of offering
> > support for redirects (should those be needed)
> >
> > Should anyone have any questions regarding this, please let us know.
>
> I am a former KDE developer but AFAIK my account and access have long sin=
ce expired.
>
> However I still hover on kde-devel, kde-games-devel and and Apple OSX lis=
t (MacPorts users) and am sometimes able to suggest solutions to problems t=
hat come up, for which I need read-only access to source code from anongit.=
 I have some questions regarding how things will work in future.
>
> 1. Will the general public still have open access to browse KDE source co=
de repositories on screens?

Not sure what you are referring to by 'screens' here sorry.

>
> 2. Will I be able to clone a read-only copy of a KDE repository (I have n=
o intention of committing to central repos)?
>
> 3. Will I be able to do the above without having to know any account ID, =
password or encryption key?

In terms of open access, they will continue to be browsable through
the Gitlab web interface (at https://invent.kde.org/) and can be
cloned over https (either from the anongit network, or from Gitlab
itself) without any authentication or account being required.

It is only the git:// protocol that is being discontinued.

>
> Thanks and best regards,
> Ian Wadham.
>

Cheers,
Ben
[prev in list] [next in list] [prev in thread] [next in thread]