GNU bug report logs - #27795
Issues with upstream source for guile-emacs

Previous Next

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 27795 <at> debbugs.gnu.org
Subject: bug#27795: Issues with upstream source for guile-emacs
Date: Sun, 23 Jul 2017 12:05:22 -0400

[Message part 1 (text/plain, inline)]

On Sun, Jul 23, 2017 at 04:22:06PM +0200, Ricardo Wurmus wrote:
> 
> Ricardo Wurmus <rekado <at> elephly.net> writes:
> 
> > Leo Famulari <leo <at> famulari.name> writes:
> >
> >> While working on the bug 'Changing package source URLs from git:// to
> >> https://' [0], I noticed an issue with the sources for guile-emacs.
> >>
> >> We currently fetch this source code over the unauthenticated GIT
> >> protocol. It is also available over HTTPS. However, these two protocols
> >> are returning different Git repos for some reason.
> >
> > The clone times out for me:
> >
> > --8<---------------cut here---------------start------------->8---
> > git clone https://git.hcoop.net/git/bpt/emacs.git guile-emacs-over-https
> > Cloning into 'guile-emacs-over-https'...
> > ^C
> > --8<---------------cut here---------------end--------------->8---
> >
> > But the clone from git:// works fine.
> >
> > Is the repository actually served over HTTPS?
> 
> Don’t mind me.  It eventually worked.  The repositories have different
> histories, and the https-repo looks like it is two commits behind.
> Looks like an older rebase.
> 
> I’d say we should leave it with the current git:// URL.

The thing is, since the git:// protocol is unauthenticated, we could
assume that those extra two commits are added by a MitM :/

Somebody who is interested in guile-emacs should really ask upstream
what is going on.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.