[Poppler-bugs] [Bug 97597] New: poppler website should reference secure / https git checkout variant
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Sep 5 09:16:38 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=97597
Bug ID: 97597
Summary: poppler website should reference secure / https git
checkout variant
Product: poppler
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: general
Assignee: poppler-bugs at lists.freedesktop.org
Reporter: hanno at hboeck.de
Currently the poppler website recommends this command to check out the poppler
source code:
git clone git://git.freedesktop.org/git/poppler/poppler
I would recommend to change this to the https version, so users get the code in
a secure way by default. The git:// is insecure by design and it would allow an
active attacker to manipulate the code someone downloads.
Like this:
git clone https://anongit.freedesktop.org/git/poppler/poppler.git
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20160905/f139a1ae/attachment.html>
More information about the Poppler-bugs
mailing list