commit 939158694a1c0de8c5731b118a33a7877116a80d
parent ad7bde637339d28f0cd3166b9f47777a25014ab5
Author: Robert Russell <robert@rr3.xyz>
Date: Wed, 20 May 2026 15:47:57 -0700
Create README
Diffstat:
| A | README | | | 22 | ++++++++++++++++++++++ |
1 file changed, 22 insertions(+), 0 deletions(-)
diff --git a/README b/README
@@ -0,0 +1,22 @@
+Using HTTP(S) for everything is silly. In particular, Git should use the Git
+protocol (`git://`), naturally. Since the Git protocol is insecure by default
+(e.g., a man-in-the-middle could modify files during clone), we should run it
+over TLS, obtaining the "Gits" protocol (`gits://`).
+
+Thankfully, the `git` tool makes it easy to add new protocols (see
+gitremote-helpers(7)). Here are the steps required to start using Gits:
+
+Servers:
+ 1. Run `git daemon`, just like you would to serve `git://`. Optionally,
+ you may serve it only locally, to prevent access to the insecure
+ `git://`.
+ 2. Run a TLS tunnel to terminate TLS and exchange unencrypted traffic
+ locally with the Git daemon.
+ - Public side `IP:port`: <whatever you want>:9419
+ - Private side `IP:port`: localhost:9418
+
+Clients:
+ 1. Install `ncat` (from the `nmap` package) and the `git-remote-gits`
+ script from this repo (to somewhere on PATH).
+ 2. That's it! The `git` tool now defers to `git-remote-gits` for URLs of
+ form `gits://host[:port][/path]`.