mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2024-11-25 23:30:08 +00:00
Use HTTPS for manual git clone to avoid MITM (#6043)
The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.
This commit is contained in:
parent
ccd02866f6
commit
4fa4e5fe4a
1 changed files with 1 additions and 1 deletions
|
@ -141,7 +141,7 @@ export ZSH="$HOME/.dotfiles/oh-my-zsh"; sh -c "$(curl -fsSL https://raw.githubus
|
||||||
##### 1. Clone the repository:
|
##### 1. Clone the repository:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
|
git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
|
||||||
```
|
```
|
||||||
|
|
||||||
##### 2. *Optionally*, backup your existing `~/.zshrc` file:
|
##### 2. *Optionally*, backup your existing `~/.zshrc` file:
|
||||||
|
|
Loading…
Reference in a new issue