Hi Jason, On 30 Nov 2014, at 23:32, Jason Cooper <tor@xxxxxxxxxxxxxx> wrote: > On Sun, Nov 30, 2014 at 06:48:09PM +0100, Sebastian Hahn wrote: >> Access via https:// has been provided for years, and should continue >> to work without any hiccups. > > No issue there for folks that prefer the extra layer. My point is basically that there's no reason not to always use the extra layer. >> If there are questions or concerns, let's here them. > My problem with cancelling access via git:// is that the alternative > (https) trains new users to think they need to trust the server. The > fact is they don't. They need to trust the person identifying himself > as Nick Mathewson who holds the private key for 8D29319A. We don't just have tor.git up there, a lot of repos don't include a single signed commit or even tag. You're right that trusting the server is nothing a good dev should do, but I'm also not worried about our demographic here. On a tangent, referring to keys by their short (or long, for that matter) keyid is not a good idea. How to verify Nick actually has the blessing of the Tor project (or any subset of people therein, etc) to sign tags is yet another problematic area without a real solution. In conclusion: Yes, don't trust the server. I sleep a lot better pretending that people don't trust it. > I'd much prefer they be taught not to trust the path *or* the server. > > Please consider restoring git:// access. I have considered it, but my conclusion remains not to do it for now. Further discussion is invited. Thanks Sebastian
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev