[Qemu-devel] [PATCH v3 1/8] README: use 'https://' instead of 'git://'

Stefan Hajnoczi posted 8 patches 7 years ago
There is a newer version of this series
Posted by Stefan Hajnoczi 7 years ago
When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Reported-by: Jann Horn <jannh@google.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 README         | 4 ++--
 pc-bios/README | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README b/README
index 49a9fd09cd..441c33eb2f 100644
--- a/README
+++ b/README
@@ -54,7 +54,7 @@ Submitting patches
 
 The QEMU source code is maintained under the GIT version control system.
 
-   git clone git://git.qemu.org/qemu.git
+   git clone https://git.qemu.org/git/qemu.git
 
 When submitting patches, one common approach is to use 'git
 format-patch' and/or 'git send-email' to format & send the mail to the
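
Review bot: The new clone URL in this hunk is not a pure scheme swap: the path also gains a '/git/' component (git.qemu.org/qemu.git becomes git.qemu.org/git/qemu.git), while the commit message mentions only the move from 'git://' to 'https://'. Say in the commit message that the HTTPS endpoint lives under '/git/', so that someone updating the remote of an existing clone does not assume that replacing the scheme alone is enough.
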
@@ -70,7 +70,7 @@ the QEMU website
 
 The QEMU website is also maintained under source control.
 
-  git clone git://git.qemu.org/qemu-web.git
+  git clone https://git.qemu.org/git/qemu-web.git
   https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/
 
 A 'git-publish' utility was created to make above process less
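
Review bot: The context line directly under the changed clone command, 'https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/', shares its indentation and, after this change, its scheme with the clone URL above it, so it reads like a second repository or a further argument to 'git clone'. Consider separating it with a blank line or a short label saying what the link is.
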
diff --git a/pc-bios/README b/pc-bios/README
index 90f0fa7aa7..b572e9eb00 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -23,7 +23,7 @@
   legacy x86 software to communicate with an attached serial console as
   if a video card were attached.  The master sources reside in a subversion
   repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
-  available at git://git.qemu.org/sgabios.git.
+  available at https://git.qemu.org/git/sgabios.git.
 
 - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.
   Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
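
Review bot: The context lines around the sgabios change still point at 'http://sgabios.googlecode.com/svn/trunk' for the master sources and 'http://ipxe.org' for the PXE ROM sources, both plain HTTP with no server authentication, which is the same concern the commit message raises for 'git://'. Either convert those URLs where the hosts serve HTTPS, or state in the commit message that this patch covers only the git.qemu.org mirrors.
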
@@ -40,7 +40,7 @@
 
 - The u-boot binary for e500 comes from the upstream denx u-boot project where
   it was compiled using the qemu-ppce500 target.
-  A git mirror is available at: git://git.qemu.org/u-boot.git
+  A git mirror is available at: https://git.qemu.org/git/u-boot.git
   The hash used to compile the current version is: 2072e72
 
 - Skiboot (https://github.com/open-power/skiboot/) is an OPAL
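
Review bot: The u-boot entry pins the build to the abbreviated hash '2072e72' on the line after the changed URL, and a seven-character prefix can become ambiguous as the repository grows. Since this entry is being touched for integrity reasons anyway, recording the full commit hash (here or in a follow-up) would let a reader confirm they checked out exactly the commit that was compiled.
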
-- 
2.17.2


Re: [Qemu-devel] [PATCH v3 1/8] README: use 'https://' instead of 'git://'
Posted by Philippe Mathieu-Daudé 7 years ago
On 4/11/18 12:24, Stefan Hajnoczi wrote:
> When you clone the repository without previous commit history, 'git://'
> doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
> since the client verifies the server certificate.
> 
> Reported-by: Jann Horn <jannh@google.com>
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
>   README         | 4 ++--
>   pc-bios/README | 4 ++--
>   2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/README b/README
> index 49a9fd09cd..441c33eb2f 100644
> --- a/README
> +++ b/README
> @@ -54,7 +54,7 @@ Submitting patches
>   
>   The QEMU source code is maintained under the GIT version control system.
>   
> -   git clone git://git.qemu.org/qemu.git
> +   git clone https://git.qemu.org/git/qemu.git
>   
>   When submitting patches, one common approach is to use 'git
>   format-patch' and/or 'git send-email' to format & send the mail to the
> @@ -70,7 +70,7 @@ the QEMU website
>   
>   The QEMU website is also maintained under source control.
>   
> -  git clone git://git.qemu.org/qemu-web.git
> +  git clone https://git.qemu.org/git/qemu-web.git
>     https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/
>   
>   A 'git-publish' utility was created to make above process less
> diff --git a/pc-bios/README b/pc-bios/README
> index 90f0fa7aa7..b572e9eb00 100644
> --- a/pc-bios/README
> +++ b/pc-bios/README
> @@ -23,7 +23,7 @@
>     legacy x86 software to communicate with an attached serial console as
>     if a video card were attached.  The master sources reside in a subversion
>     repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
> -  available at git://git.qemu.org/sgabios.git.
> +  available at https://git.qemu.org/git/sgabios.git.
>   
>   - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.
>     Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
> @@ -40,7 +40,7 @@
>   
>   - The u-boot binary for e500 comes from the upstream denx u-boot project where
>     it was compiled using the qemu-ppce500 target.
> -  A git mirror is available at: git://git.qemu.org/u-boot.git
> +  A git mirror is available at: https://git.qemu.org/git/u-boot.git
>     The hash used to compile the current version is: 2072e72
>   
>   - Skiboot (https://github.com/open-power/skiboot/) is an OPAL
> 

Re: [Qemu-devel] [PATCH v3 1/8] README: use 'https://' instead of 'git://'
Posted by Alex Bennée 7 years ago
Stefan Hajnoczi <stefanha@redhat.com> writes:

> When you clone the repository without previous commit history, 'git://'
> doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
> since the client verifies the server certificate.
>
> Reported-by: Jann Horn <jannh@google.com>
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  README         | 4 ++--
>  pc-bios/README | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/README b/README
> index 49a9fd09cd..441c33eb2f 100644
> --- a/README
> +++ b/README
> @@ -54,7 +54,7 @@ Submitting patches
>  
>  The QEMU source code is maintained under the GIT version control system.
>  
> -   git clone git://git.qemu.org/qemu.git
> +   git clone https://git.qemu.org/git/qemu.git
>  
>  When submitting patches, one common approach is to use 'git
>  format-patch' and/or 'git send-email' to format & send the mail to the
> @@ -70,7 +70,7 @@ the QEMU website
>  
>  The QEMU website is also maintained under source control.
>  
> -  git clone git://git.qemu.org/qemu-web.git
> +  git clone https://git.qemu.org/git/qemu-web.git
>    https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/
>  
>  A 'git-publish' utility was created to make above process less
> diff --git a/pc-bios/README b/pc-bios/README
> index 90f0fa7aa7..b572e9eb00 100644
> --- a/pc-bios/README
> +++ b/pc-bios/README
> @@ -23,7 +23,7 @@
>    legacy x86 software to communicate with an attached serial console as
>    if a video card were attached.  The master sources reside in a subversion
>    repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
> -  available at git://git.qemu.org/sgabios.git.
> +  available at https://git.qemu.org/git/sgabios.git.
>  
>  - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.
>    Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
> @@ -40,7 +40,7 @@
>  
>  - The u-boot binary for e500 comes from the upstream denx u-boot project where
>    it was compiled using the qemu-ppce500 target.
> -  A git mirror is available at: git://git.qemu.org/u-boot.git
> +  A git mirror is available at: https://git.qemu.org/git/u-boot.git
>    The hash used to compile the current version is: 2072e72
>  
>  - Skiboot (https://github.com/open-power/skiboot/) is an OPAL


-- 
Alex Bennée