From: Herbert Georg Fischer <herbert.fischer@gmail.com>
Date: Fri, 15 Mar 2013 20:43:10 +0000 (-0700)
Subject: doc: explain why cmd/go uses https for repositories and how to work around it
X-Git-Tag: go1.1rc2~476
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=99021b767f991bba547c282f173f63cf997b58c3;p=gostls13.git

doc: explain why cmd/go uses https for repositories and how to work around it
Fixes #3418.

R=golang-dev, r
CC=adg, golang-dev
https://golang.org/cl/7712045
---

diff --git a/doc/go_faq.html b/doc/go_faq.html
index fab1702a21..3e742d9f78 100644
--- a/doc/go_faq.html
+++ b/doc/go_faq.html
@@ -949,6 +949,38 @@ combined with the Go project's mostly linear, non-branching use of
 version control, a switch to git doesn't seem worthwhile.
 </p>
 
+<h3 id="git_https">
+Why does "go get" use HTTPS when cloning a repository?</h3>
+
+<p>
+Companies often permit outgoing traffic only on the standard TCP ports 80 (HTTP)
+and 443 (HTTPS), blocking outgoing traffic on other ports, including TCP port 9418 
+(git) and TCP port 22 (SSH).
+When using HTTPS instead of HTTP, <code>git</code> enforces certificate validation by
+default, providing protection against man-in-the-middle, eavesdropping and tampering attacks.
+The <code>go get</code> command therefore uses HTTPS for safety.
+</p>
+
+<p>
+If you use <code>git</code> and prefer to push changes through SSH using your existing key 
+it's easy to work around this. For GitHub, try one of these solutions:
+</p>
+<ul>
+<li>Manually clone the repository in the expected package directory:
+<pre>
+$ cd $GOPATH/src/github.com/username
+$ git clone git@github.com:username/package.git
+</pre>
+</li>
+<li>Force <code>git push</code> to use the <code>SSH</code> protocol by appending
+these two lines to <code>~/.gitconfig</code>:
+<pre>
+[url "git@github.com:"]
+	pushInsteadOf = https://github.com/
+</pre>
+</li>
+</ul>
+
 <h2 id="Pointers">Pointers and Allocation</h2>
 
 <h3 id="pass_by_value">