Page MenuHome GnuPG

libassuan git URL returns 404
Open, LowPublic



Clone URL specified in;a=summary for protocol https:// returns 404:

$ git clone
Cloning into 'libassuan'...
fatal: repository '' not found

URL with protocol git:// work as expected, however git:// being vulnerable to MITM, providing valid https:// URL would be beneficial to prevent tampering


Event Timeline

beber created this object in space S1 Public.
$ git tag -v libassuan-2.5.6
object 6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8
type commit
tag libassuan-2.5.6
tagger Werner Koch <> 1687164166 +0200

small bug fixes for 2.5
gpg: Signature made Mo 19 Jun 2023 10:42:46 CEST
gpg:                using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
gpg: Good signature from "Werner Koch (dist signing 2020)" [undefined]
werner claimed this task.
werner added a subscriber: werner.

Thanks Ingo.

To further explain this: What you get with https is some kind of low end authentication using the the public TLS PKI. And that is all what you get. With signed commits you get what the developers actually wrote and have in the working copies. For the GnuPG core developer's we are even using tokens with a signature counter to reduce the risk of malware triggred signatures.

If for other reasons https: is required, please use the git repo at

beber reopened this task as Open.EditedMar 4 2024, 9:02 PM

I'm re-opening this as I don't believe we went through full extent here.

GnuPG gitweb (as in;a=summary) describe https:// as a usable protocol to clone the repository, but as you pointed out, they are currently set up. Would it make sense to just remove https:// clone URL from gitweb to remove confusion from users ?


We migrated to another box and it might be the case that we planned to also support https. I need to see whetehr I can find notes in the etckeeper.