HSTS and git

By devin, 2 November, 2015

I've been in China for two months now, and I enjoy programming so I've checked probably 5-6 projects out of github at this point.

During this time, I've had troubles accessing https://gist.github.com. This always struck me as weird, but I didn't think too much of it.

Then today I read this link: https://news.ycombinator.com/item?id=5124784. The story explains that Github's certificate chain has been messed with from China. It turns out I can actually access https://gist.github.com from Safari, it's just Firefox, Chrome, and Opera that fail.

As it turns out, https access to github is compromised in China. And I've been cloning projects over HTTPS. There's a very real chance the code I've cloned is suspect.

That's pretty bad!

I'm starting to research how to mitigate this problem. At the very least, I want to enforce HSTS like my browsers do. Currently, running git clone https://github.com/metamaps/metamaps_gen002.git just works. That's not good. I want it to only function when I'm connected securely.
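Git already rejects an HTTPS remote whose certificate chain does not validate (http.sslVerify defaults to true), so the gap left is a certificate issued by a CA the machine trusts; pinning GitHub's public key closes it. The following shell script is an added example and not part of the original post; it assumes openssl and git are on PATH and that git was built against a libcurl that supports http.pinnedpubkey (git 2.8 or later with curl 7.44 or later).

```sh
#!/bin/sh
# Added example (not from the original post): pin GitHub's public key in git.
# Assumes openssl and git on PATH and a git/libcurl build that supports
# http.pinnedpubkey (git 2.8+ with curl 7.44+).
set -eu

# spki_pin FILE.pem
# Prints the SubjectPublicKeyInfo SHA-256 pin in the "sha256//<base64>" form
# that git's http.pinnedpubkey option expects.
spki_pin() {
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -binary \
    | openssl base64 \
    | sed 's#^#sha256//#'
}

# fetch_leaf_cert HOST
# Writes the certificate the server presents to stdout (needs network access).
# Record the pin from a network you trust, not from the one you suspect.
fetch_leaf_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509
}

# pin_github PIN
# Chain validation stays on; the pin additionally makes git refuse any
# certificate whose key differs from PIN, even one signed by a trusted CA.
# The http.<url>.* form limits both settings to github.com.
pin_github() {
  git config --global http.https://github.com/.sslVerify true
  git config --global http.https://github.com/.pinnedpubkey "$1"
}

# Usage: from a trusted network, record the pin, then apply it.
#   fetch_leaf_cert github.com > github.pem
#   pin_github "$(spki_pin github.pem)"
# Afterwards a clone is refused when the server key does not match the pin.
```

The pin must be refreshed when GitHub rotates its key, so a sudden failure should be checked against a known-good network before the pin is changed.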

The first place I'm going to research is here: http://apple.stackexchange.com/questions/24640/how-do-i-remove-many-sys…

To be continued...
