Add info regarding cloning using HTTPS/SSH in readme #1375
Assignees
Labels
documentation
Improvements or additions to documentation
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
When going through the Best Practices followed for OpenSource Projects on : https://www.bestpractices.dev/en/projects/8099
I found this .
The project MUST use a delivery mechanism that counters MITM attacks. Using https or ssh+scp is acceptable.
An even stronger mechanism is releasing the software with digitally signed packages, since that mitigates attacks on the distribution system, but this only works if the users can be confident that the public keys for signatures are correct and if the users will actually check the signature.
Describe the solution you'd like
To further ensure users are aware that they can securely clone the repository, we should update the README.md to include instructions for cloning using HTTPS and SSH.
The text was updated successfully, but these errors were encountered: