From 4fa4e5fe4ad356e1531bd60715b7e01f510ab083 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Donncha=20=C3=93=20Cearbhaill?= Date: Sun, 15 Apr 2018 18:47:38 +0200 Subject: [PATCH] Use HTTPS for manual git clone to avoid MITM (#6043) The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a6d74cbd2..128a07fb5 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ export ZSH="$HOME/.dotfiles/oh-my-zsh"; sh -c "$(curl -fsSL https://raw.githubus ##### 1. Clone the repository: ```shell -git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh +git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh ``` ##### 2. *Optionally*, backup your existing `~/.zshrc` file: