The git protocol is not just unencrypted, but also unauthenticated.
In theory it is possible to verify the signed tags for actual
releases, but that is a cumbersome process which I very much doubt
anyone really does.
As for the various branch tips, there is currently no way (unless you
have a shell account on xenbits) to get any kind of authenticated
Conversely, if you use an https url, you get some cryptographic
authentication of what you are cloning. The crypto there is far from
perfect but it is massively better than nothing.
Additionally, in general, using and supporting https also means that
*what users are accessing* is encrypted. This enhances user privacy.
In the specific case of the git trees on xenbits this is a very minor
Signed-off-by: Wei Liu <[hidden email]>
Acked-by: Ian Jackson <[hidden email]>
MAINTAINERS | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)