Skip to content

Update to https repo URL #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 4, 2017
Merged

Update to https repo URL #54

merged 1 commit into from
Mar 4, 2017

Conversation

ArashMotamedi
Copy link
Contributor

@ArashMotamedi ArashMotamedi commented Feb 12, 2017

The non-secure SSH github url issues a security warning and requests the user to verify the server IP and key before proceeding with the clone. Using the https URL eliminates the warning.

@aikar
Copy link

aikar commented Feb 21, 2017

um, this is a very bad change.

SSH is much more preferred than https for most people.
Are you talking about the absolutely normal, warning that its your first time connecting to github.com SSH message?

This is normal to accept that warning on first clone to github.

That only happens your first time, and you're effectively trading a once in a lifetime prompt for a prompt-every-time password prompt.

@ArashMotamedi
Copy link
Contributor Author

ArashMotamedi commented Feb 21, 2017

My suggestion is in line with Github's own recommended cloning approach: https://help.github.com/articles/which-remote-url-should-i-use/

And my motivation for making this recommendation was that as rookie git user on Windows, when I issued git clone {ssh-url} I was asked to verify the authenticity of the remote server, which was an unfamiliar message for me.

image

Whereas the https url seemed more familiar (and similar to clone instructions of other repos I'd encountered before) and did not require me to verify host authenticity.

@aikar
Copy link

aikar commented Feb 21, 2017

Yes https does have benefit in that it doesn't require the user to have a key on file just to clone public repos, but this really only affects first timers, and is usually a good poke and prod to get them to finish setting up their account.

So normally, repo's don't really need to worry about that detail. Github of course has to be "politically correct" and push the more "likely to not run into an error" approach.

I guess though since this is the 'demo instructions', https seems fine for that case (since also didn't consider that public repos aren't going to ask for authorization, just I never use https :P)

@gajus gajus merged commit a29e393 into gajus:master Mar 4, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants