Also may I remind you that the focus of this conversation is allowing users in corporate environments access to be able to contribute to the AUR. These environments block SSH for multiple reasons but are able to allow HTTPS as they are able to more tightly regulate it. We just need git/https and then there is no problem. Also as I didn't want to have to type it all up myself here is a link that explains how https is scanned: http://security.stackexchange.com/questions/8145/does-https-prevent-man-in-t... On 16 June 2015 at 17:42, Alan Jenkins <alan.james.jenkins@gmail.com> wrote:
Actually they very often strip https traffic too. I used to work for Symantec.cloud and we did both http and https scanning so don't try to say that it is not a valid argument as I assure you you can scan and do content filtering on https.
On 16 June 2015 at 14:35, Manuel Reimer <manuel.reimer@gmx.de> wrote:
On 06/16/2015 08:24 AM, Alan Jenkins wrote:
I am with the OP on this, having worked in a cloud security company I understand why they block port 22 out bound and know it to be a common problem. It is blocked to stop employees accidentally or intentionally leaking important customer or business data. You can also use SSH to bypass security measures in place within the network and even create tunnels back into the network.
You can do this via HTTPS, too.
--> Bad argument.
Manuel