From a1075f45cca3919a49192f94da366a423bdb6c4b Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Mon, 5 Feb 2018 14:43:39 +0100
Subject: [PATCH] git-svn: require working HTTPS for all Subversion URLs

Subversion does not verify each commit as strongly as git does, so HTTPS is
really important.  Also, there is the possibility of injecting code into
`fdroid checkupdate` calls if plain HTTP is used.
---
 fdroidserver/common.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 6b34969f..938b1c15 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -1004,6 +1004,9 @@ class vcs_gitsvn(vcs):
             else:
                 remote = self.remote
 
+            if not remote.startswith('https://'):
+                raise VCSException(_('HTTPS must be used with Subversion URLs!'))
+
             gitsvn_args.extend(['--', remote, self.local])
             p = self.git(gitsvn_args)
             if p.returncode != 0: