[aur-general] Git over HTTPS

Giancarlo Razzolini grazzolini at gmail.com
Mon Jun 15 19:33:23 UTC 2015

Em 15-06-2015 16:26, Tom Swartz escreveu:
> With all due respect, requiring that a user punch holes in their security
> firewalls is not a proper or long term solution to the issue at hand.

It is the only solution.

> For home users, this might be a valid (although no less sane) solution, but
> in corporate networks where the firewall rules are crafted for a reason
> (e.g. to protect the rest of the devices on the network).

A rule that denies outgoing SSH access is a dumb one. It doesn't protect 
the rest of the devices on the network.

> As I mentioned in my original posting, (and as several other users
> mentioned) many of the solutions are server-side fixes.

Which requires using software that, not only can introduce security 
issues, can decrease the performance. I've used sshlp on the past, 
although I don't think it has any exploitable bugs, it's not as widely 
used as nginx and openssh itself.

> I firmly believe that restricting access to SSH, port 22 only, is something
> that will greatly hinder wide adoption.
> At the very least, it will prevent myself from uploading/updating my
> several AUR packages.

Instead of requiring others to solve your problem, you should explain to 
your network administrators that this rule is counterproductive. I don't 
really think that this will hinder adoption since port 22 is the default 
ssh port.


More information about the aur-general mailing list