summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFraser Tweedale <frase@frase.id.au>2013-06-26 15:53:59 +1000
committerJunio C Hamano <gitster@pobox.com>2013-06-26 13:55:37 -0700
commit20618016df1255a2adebe900af7d66f88ef7a33b (patch)
tree7f5b289e57c1d8e347123c8a27a53ab84b64067d
parentc0add3073a5bd0e295cdaea76e5c9b7805f8a047 (diff)
downloadgit-20618016df1255a2adebe900af7d66f88ef7a33b.tar.gz
documentation: add git:// transport security notice
The fact that the git:// transport does no authentication is easily overlooked. For example, DNS poisoning may result in fetching from somewhere that was not intended. Add a brief security notice to the "GIT URLS" section of the documentation stating that the git transport should be used with caution on unsecured networks. Signed-off-by: Fraser Tweedale <frase@frase.id.au> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/urls.txt3
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/urls.txt b/Documentation/urls.txt
index 3ca122faed..5992ede1d8 100644
--- a/Documentation/urls.txt
+++ b/Documentation/urls.txt
@@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for fetching
and pushing, but these are inefficient and deprecated; do not use
them).
+The native transport (i.e. git:// URL) does no authentication and
+should be used with caution on unsecured networks.
+
The following syntaxes may be used with them:
- ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/