Hi Jason,
On 30 Nov 2014, at 23:32, Jason Cooper <tor@lakedaemon.net> wrote:
On Sun, Nov 30, 2014 at 06:48:09PM +0100, Sebastian Hahn wrote:
Access via https:// has been provided for years, and should continue to work without any hiccups.
No issue there for folks that prefer the extra layer.
My point is basically that there's no reason not to always use the extra layer.
If there are questions or concerns, let's hear them.
My problem with cancelling access via git:// is that the alternative (https) trains new users to think they need to trust the server. The fact is they don't. They need to trust the person identifying himself as Nick Mathewson who holds the private key for 8D29319A.
We don't just have tor.git up there, a lot of repos don't include a single signed commit or even tag. You're right that trusting the server is nothing a good dev should do, but I'm also not worried about our demographic here.
On a tangent, referring to keys by their short (or long, for that matter) keyid is not a good idea. How to verify Nick actually has the blessing of the Tor project (or any subset of people therein, etc) to sign tags is yet another problematic area without a real solution.
In conclusion: Yes, don't trust the server. I sleep a lot better pretending that people don't trust it.
I'd much prefer they be taught not to trust the path *or* the server.
Please consider restoring git:// access.
I have considered it, but my conclusion remains not to do it for now. Further discussion is invited.
Thanks
Sebastian
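As an added example (not part of the original thread, and not the Tor project's own tooling), the check discussed above can be scripted: accept a tag only when gpg reports a good signature whose primary key matches a pinned full fingerprint, regardless of the transport used to fetch it. The function names are hypothetical, and the pinned fingerprint is assumed to have been obtained out of band.

```shell
#!/bin/sh
# Added example: trust the signing key, not the server or the path.
# Function names are hypothetical; the pinned fingerprint is assumed to
# come from an out-of-band source, never from the server being checked.

# pinned_fpr_ok PINNED
# Reads gpg status lines (--status-fd format) on stdin.
# Returns 0 if a GOODSIG is present and a VALIDSIG names PINNED as the
# primary key, 1 if not, 2 if PINNED is not a full 40-hex fingerprint.
pinned_fpr_ok() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Refuse short and long key IDs: only a full fingerprint is accepted.
    case "$pinned" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#pinned}" -eq 40 ] || return 2
    awk -v want="$pinned" '
        $1 != "[GNUPG:]" { next }
        # GOODSIG is only reported for a key that is neither expired nor
        # revoked (those cases are reported as EXPKEYSIG / REVKEYSIG).
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint,
        # field 12 is the primary key fingerprint.
        $2 == "VALIDSIG" && NF >= 12 && toupper($12) == want { valid = 1 }
        END { exit !(good && valid) }'
}

# verify_tag TAG PINNED
# Run inside a clone; "git verify-tag --raw" prints gpg status on stderr.
verify_tag() {
    git verify-tag --raw "$1" 2>&1 >/dev/null | pinned_fpr_ok "$2"
}

# Usage (placeholder values):
#   verify_tag <tag-name> <FULL-40-HEX-FINGERPRINT> && echo "tag accepted"
```

A repository with no signed tags or commits, as mentioned in the thread, gives this check nothing to verify, so it fails closed.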