[aur-general] Git over HTTPS
Alan Jenkins
alan.james.jenkins at gmail.com
Tue Jun 16 20:22:33 UTC 2015

Hey Giancarlo,

Most of the large companies block everything and start from there; normally
everything is blocked outbound and only things that are business critical
are allowed until the business is able to function. In many cases they will
block all outbound traffic and only allow access to the internet via ftp,
http and the mitm style https via a proxy that is able to scan the content
being sent across the connections to ensure they do not fall foul of a
trojan or other malware.

So unless I am missing something, how are you going to tunnel out of a
network if you only have ports 21, 80 and 443, which are all really just
going to the proxy server? If you do know a way I would love to hear it as
I am interested, but as I stated in the previous email we are off topic.

The problem is that no matter how hard you moan at the people in control of
the firewalls they will normally not allow access to something unless
*they* deem it to be secure, and once the person you are communicating with
gets annoyed with you they will just send you to the next guy until you get
annoyed and just give up (been there, done that).

Can we please stick to the feasibility of doing git+https? GitHub +
Bitbucket are able to do it so surely we can too, right? Or is there too
much code relying on the SSH public key auth now?

On 16 June 2015 at 20:30, Giancarlo Razzolini <grazzolini at gmail.com> wrote:
> On 16-06-2015 14:20, Alan Jenkins wrote:
>
>> Also may I remind you that the focus of this conversation is allowing users
>> in corporate environments access to be able to contribute to the AUR. These
>> environments block SSH for multiple reasons but are able to allow HTTPS as
>> they are able to more tightly regulate it.
>>
> There are literally tons of ways to tunnel out of a network. SSH is just
> one of them. Instead of blocking anything, network admins should monitor
> the traffic using netflow, and set alarms when too much data is leaving the
> network. That would prevent a lot of data breaches. Or at least minimize
> their impact.
>
> Expecting to block something to avoid information breach, or any other
> kind of data theft is dumb. Also, come on people. It's 2015. Doesn't
> everybody also have a machine at home?
>
> Cheers,
> Giancarlo Razzolini
>