[aur-general] Git over HTTPS

Magnus Therning magnus at therning.org
Tue Jun 16 06:36:46 UTC 2015

On 15 June 2015 at 21:33, Giancarlo Razzolini <grazzolini at gmail.com> wrote:
> Em 15-06-2015 16:26, Tom Swartz escreveu:
>> With all due respect, requiring that a user punch holes in their security
>> firewalls is not a proper or long term solution to the issue at hand.
> It is the only solution.

AFAICS it's "the only solution" only due to decisions made by the
people maintaining AUR, or is there some technical reason that makes
it *impossible* to allow HTTPS access to the git repos?

>> For home users, this might be a valid (although no less sane) solution,
>> but
>> in corporate networks where the firewall rules are crafted for a reason
>> (e.g. to protect the rest of the devices on the network).
> A rule that denies outgoing SSH access is a dumb one. It doesn't protect the
> rest of the devices on the network.

I fully agree with you, but you make a very common mistake here: you
apply logic and rational thinking to a situation that isn't governed
by it :)  You know it's a silly rule, I know it's a silly rule,
everyone I interact with at work on a daily basis knows it's a silly
rule.  However, convincing the IT department of a 50000+ behemoth of a
company that it's a silly rule *and that it should be changed* is a
huge undertaking!

>> I firmly believe that restricting access to SSH, port 22 only, is
>> something
>> that will greatly hinder wide adoption.
>> At the very least, it will prevent myself from uploading/updating my
>> several AUR packages.
> Instead of requiring others to solve your problem, you should explain to
> your network administrators that this rule is counterproductive. I don't
> really think that this will hinder adoption since port 22 is the default ssh
> port.

You clearly are fortunate enough to only be surrounded by people who
base their decisions on logic and who are willing to go back on
earlier decisions, and make changes solely based on well-founded
arguments presented by engineers.  I've worked in about 10+ different
organisations, ranging in size from 50 to 100000+ and I have still to
find a place like the one you are in.  I strongly urge you to *never*
switch jobs!


Magnus Therning                      OpenPGP: 0xAB4DFBA4
email: magnus at therning.org   jabber: magnus at therning.org
twitter: magthe               http://therning.org/magnus

More information about the aur-general mailing list