From fcf4c17eeb308578bb9c4f91cbe36deb8e2dbcc4 Mon Sep 17 00:00:00 2001
From: Donncha O' Cearbhaill <donncha@donncha.is>
Date: Mon, 24 Apr 2017 18:47:32 +0200
Subject: [PATCH] Use HTTPS for manual git clone to avoid  MITM

The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 54107b1cb..07eeedf0b 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ export ZSH="$HOME/.dotfiles/oh-my-zsh"; sh -c "$(curl -fsSL https://raw.githubus
 ##### 1. Clone the repository:
 
 ```shell
-git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
+git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
 ```
 
 ##### 2. *Optionally*, backup your existing `~/.zshrc` file: