From: Fraser Tweedale <frase@frase.id.au>
Date: Wed, 26 Jun 2013 05:53:59 +0000 (+1000)
Subject: documentation: add git:// transport security notice
X-Git-Tag: v1.8.3.4~10^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=20618016df1255a2adebe900af7d66f88ef7a33b;p=thirdparty%2Fgit.git

documentation: add git:// transport security notice

The fact that the git:// transport does no authentication is easily
overlooked.  For example, DNS poisoning may result in fetching from
somewhere that was not intended.

Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
with caution on unsecured networks.

Signed-off-by: Fraser Tweedale <frase@frase.id.au>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/Documentation/urls.txt b/Documentation/urls.txt
index 3ca122faed..5992ede1d8 100644
--- a/Documentation/urls.txt
+++ b/Documentation/urls.txt
@@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for fetching
 and pushing, but these are inefficient and deprecated; do not use
 them).
 
+The native transport (i.e. git:// URL) does no authentication and
+should be used with caution on unsecured networks.
+
 The following syntaxes may be used with them:
 
 - ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/