diff options
Diffstat (limited to 'tags/v/vcs-field-uses-insecure-uri.tag')
| -rw-r--r-- | tags/v/vcs-field-uses-insecure-uri.tag | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/tags/v/vcs-field-uses-insecure-uri.tag b/tags/v/vcs-field-uses-insecure-uri.tag new file mode 100644 index 0000000..489e28f --- /dev/null +++ b/tags/v/vcs-field-uses-insecure-uri.tag @@ -0,0 +1,11 @@ +Tag: vcs-field-uses-insecure-uri +Severity: info +Check: fields/vcs +Explanation: The Vcs-* field uses an unencrypted transport protocol for the + URI. It is recommended to use a secure transport such as HTTPS for + anonymous read-only access. + . + Note that you can often just exchange e.g. git:// with https:// for + repositories. Though, in some cases (bzr's "lp:" or CVS's pserver) it + might not be possible to use an alternative url and still have a + working (anonymous read-only) repository. |