New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ecosystem: rockspecs should not use insecure git protocol #6587
Labels
Comments
Totktonada
added a commit
to tarantool/modulekit
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/modulekit
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/http
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/http
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/argon2
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/avro-schema
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/cbench
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/checks
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/config
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/connpool
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/document
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/dump
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/expirationd
that referenced
this issue
Nov 2, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/pg
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/ldecnumber
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/kafka
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/tradeparser
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/tuple-keydef
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/tuple-merger
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/websocket
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Totktonada
added a commit
to tarantool/zookeeper
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Hello, Regards, |
ligurio
pushed a commit
to tarantool/http
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/http
that referenced
this issue
Nov 9, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/checks
that referenced
this issue
Nov 17, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/checks
that referenced
this issue
Nov 17, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/checks
that referenced
this issue
Nov 17, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/checks
that referenced
this issue
Dec 29, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/checks
that referenced
this issue
Dec 29, 2021
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/pg
that referenced
this issue
Mar 25, 2022
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/pg
that referenced
this issue
Mar 25, 2022
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/pg
that referenced
this issue
Mar 25, 2022
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/pg
that referenced
this issue
Mar 25, 2022
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
ligurio
pushed a commit
to tarantool/pg
that referenced
this issue
Mar 25, 2022
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
It is not in the list, but I also proposed the same change to luacov-coveralls: moteus/luacov-coveralls#30. |
ArtDu
pushed a commit
to ArtDu/expirationd
that referenced
this issue
May 10, 2022
GitHub is going to disable unencrypted Git protocol, so `git://` URLs will stop working soon (see [1]). [1]: https://github.blog/2021-09-01-improving-git-protocol-security-github/ Part of tarantool/tarantool#6587
Current status:
I think there is nothing to track here. Closing then. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We recently was hit by the following problem:
The reason is that GitHub is going to disable pulls using insecure git protocol: https://github.blog/2021-09-01-improving-git-protocol-security-github/.
Generally it means that we should replace
url = 'git://github.com/<...>'.git
rockspec directive withurl = 'git+https://github.com/<...>.git'
. (Caution: justurl = 'https://<...>'
means a tarball, not a git repository.)I resolved the problem manually: updated all problematic rockspecs on rocks.tarantool.org (it is the server, which is used by default by
tarantoolctl rocks [subcommand]
).However we should update rockspecs in repositories, because it is quite usual to deploy a rockspec from a project repository to rocks.tarantool.org automatically from CI (or manually, but the rockspec is anyway based on one from the repository).
We should also restrict rocks.tarantool.org server to decline rockspecs with insecure github.com repository URLs:
The list of rocks.tarantool.org rocks with status against this problem is the following (will be updated).
git+https://
)git+https://
)git+https://
; the rock is deprecated, it was rewritten in Go)git+https://
)git+https://
)git+https://
)git+https://
)git+https://
)git+https://
)git+https://
)git+https://
)git+https://
)git+https://
, was updated here)git+https://
)git+https://
)git+https://
)git+https://
)Removed the 'modulekit' rockspec from rocks.tarantool.org, because it is too old (corresponds to the old repository layout) and could not be installed anymore. The repository is splitted now to luakit and ckit branches. Since there is no much sense to deploy the template repository, I will not deploy 'luakit' and 'ckit' rocks instead of the 'modulekit' one.
luafun will be updated here:
The text was updated successfully, but these errors were encountered: