Subnostr

Who sees the requirement to be authenticated to github to clone repo's as a problem? This means every `git clone` is traced to a user, so they can surveil everywhere code from github goes.

Now, you can sign up with any email. But I suspect as this frog boils the next step is to require all sign-ups to use Big Tech authentication.

Wen nostr-enabled github replacement

Hazey 2y ago

NEVERMIND, just no more unencrypted cloning which is good. They are not requiring authentication

Reply to this note

Please Login to reply.

Discussion

Nice and Kind Vic 2y ago

i didnt even know they supported unencrypted cloning

Hazey 2y ago

The raw git protocol is unencrypted. It's fine for in-house repos but not a good idea for the open internet. Anything unencrypted is subject to snooping, alteration, and man-in-the-middle attacks.

mleku 2y ago

If the repo's commits are signed, that closes the MITM attack/alteration vectors, and snooping too, at least learning what state is being copied in by a pull command.

Hazey 2y ago

True! But I don't think the percentage of repo's actually using signed commits is very high

mleku 2y ago

I didn't know you could use http:// github repos for years now never seen anything but HTTPS.

HTTPS doesn't stop you from anonymously cloning it via VPN, but to push to it you have to auth, and anyway it's simpler to use SSH for that anyway, I just generally use SSH unless I don't want them to know I'm cloning it, obviously they are logging it.

Hazey 2y ago

I was referring to git:// actually.