Email: email@example.com • Mastodon: @firstname.lastname@example.org • Debian: benh (Salsa, QA) • Gitweb: git.decadent.org.uk • GitHub: bwhacks
Some source packages have Vcs-Git URLs using the git: scheme, which is plain-text and unauthenticated. It's probably harder to MITM than HTTP, but still we can do better than this even for anonymous checkouts. git is now nearly as efficient at cloning/pulling over HTTP-S, so why not make that the default?
Adding the following lines to ~/.gitconfig will make git consistently use HTTP-S to access Alioth. It's not quite HTTPS-Everywhere, but it's a step in that direction:
[url "https://anonscm.debian.org/git/"] insteadOf = git://anonscm.debian.org/ insteadOf = git://git.debian.org/
Additionally you can automatically fix up the push URL in case you have or are later given commit access to the repository on Alioth:
[url "git+ssh://git.debian.org/git/"] pushInsteadOf = git://anonscm.debian.org/ pushInsteadOf = git://git.debian.org/
Similar for git.kernel.org:
[url "https://git.kernel.org/pub/scm/"] insteadOf = git://git.kernel.org/pub/scm/ [url "git+ssh://ra.kernel.org/pub/scm/"] pushInsteadOf = git://git.kernel.org/pub/scm/
RTFM for more information on these configuration variables.