wilderjds
/
oh-my-zsh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use HTTPS for manual git clone to avoid MITM (#6043)

Browse Source 
The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.
master
Donncha Ó Cearbhaill 8 years ago committed by Marc Cornellà
parent ccd02866f6
commit 4fa4e5fe4a
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      README.md

2
README.md
Unescape View File

@ -141,7 +141,7 @@ export ZSH="$HOME/.dotfiles/oh-my-zsh"; sh -c "$(curl -fsSL https://raw.githubus
##### 1. Clone the repository:
```shell
git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
```
##### 2. *Optionally*, backup your existing `~/.zshrc` file:

Write Preview
Loading…
Cancel
Save