Use HTTPS for manual git clone to avoid MITM (#6043)
The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.
Loading
Please register or sign in to comment