linux/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2026-05-01 04:30:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use HTTPS for manual git clone to avoid MITM

Browse source 
The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.
This commit is contained in:
Donncha O' Cearbhaill 2017-04-24 18:47:32 +02:00 committed by GitHub
commit fcf4c17eeb
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -120,7 +120,7 @@ export ZSH="$HOME/.dotfiles/oh-my-zsh"; sh -c "$(curl -fsSL https://raw.githubus
##### 1. Clone the repository:
```shell
git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
```
##### 2. *Optionally*, backup your existing `~/.zshrc` file: