New Git URLs

I recently read an article talking about the supply chain vulnerability of accessing Git using the git:// protocol instead of https://. Because the Git protocol is not encrypted, it would be possible for a well-positioned attacker to perform a Man In The Middle (MITM) attack when a client like F-Droid is cloning the repository. This would then cause F-Droid to build Privacy Browser with whatever modifications the MITM attacker inserted into the source code.

The solution to this problem is to use HTTPS, which isn’t as efficient a protocol when it comes to Git repositories, but it is encrypted, which thwarts a MITM attack unless the attacker is also able to acquire a valid SSL certificate for my domain.
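As an added example (not code from this post or from Privacy Browser), the shell functions below flag clone URLs that use a cleartext transport such as git://, which is the check a build recipe or a list of remotes needs after a change like this. The example.com hosts and the sample URL list are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag Git remote URLs that use a cleartext transport.

# classify_git_url URL -> prints cleartext | encrypted | local | unknown
classify_git_url() {
    case "$1" in
        git://*|http://*|ftp://*)  echo cleartext ;;  # readable and modifiable in transit
        https://*|ssh://*|git+ssh://*|ssh+git://*|ftps://*) echo encrypted ;;
        file://*|/*|./*|../*)      echo local ;;      # no network hop involved
        *://*)                     echo unknown ;;    # some other scheme or remote helper
        *@*:*)                     echo encrypted ;;  # scp-like user@host:path runs over SSH
        *)                         echo unknown ;;
    esac
}

# audit_urls: read one URL per line on stdin, print each cleartext one,
# and return non-zero if any was found (so it can gate a CI job).
audit_urls() {
    bad=0
    while IFS= read -r url; do
        [ -n "$url" ] || continue          # skip blank lines
        if [ "$(classify_git_url "$url")" = cleartext ]; then
            echo "cleartext transport: $url"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample input; the example.com hosts are placeholders.
audit_urls <<'EOF' || echo "audit failed: move the remotes above to https:// or SSH"
git://git.example.com/app.git
https://git.example.com/app.git
git@git.example.com:team/app.git
http://mirror.example.com/app.git
EOF

# To make a client refuse the git:// transport entirely (a real Git setting):
#   git config --global protocol.git.allow never
```

To check a working copy, feed it the URLs from `git remote -v` or from `.gitmodules`, one per line.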

Making this change requires modifying the URLs used to clone Privacy Browser’s repository. Previously the command was:

git clone git://

Now it is:

git clone

Similarly the new command to clone the repository for the Privacy Browser ROM Integration is:

git clone


git clone


git clone

Making this change also requires changing the URL used for GitWeb to avoid a collision. Previously, the URL for GitWeb used the domain.;a=summary

Now it has changed to the domain.;a=summary

This means that old links in will not work unless updated. If I ever need to look at an old issue I will update the URL. Otherwise, if you want to follow one of the links, you can modify it yourself to switch to the new domain.
