Files · 4fa4e5fe4ad356e1531bd60715b7e01f510ab083 · github / oh-my-zsh

Use HTTPS for manual git clone to avoid MITM (#6043) · 4fa4e5fe

Donncha Ó Cearbhaill authored Apr 15, 2018

The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.

4fa4e5fe

Name	Last commit	Last update
cache		Loading commit data...
custom		Loading commit data...
lib		Loading commit data...
log		Loading commit data...
plugins		Loading commit data...
templates		Loading commit data...
themes		Loading commit data...
tools		Loading commit data...
.gitignore		Loading commit data...
CONTRIBUTING.md		Loading commit data...
LICENSE.txt		Loading commit data...
README.md		Loading commit data...
oh-my-zsh.sh		Loading commit data...

README.md

Download source code