Donncha Ó Cearbhaill authored
The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.4fa4e5fe
To learn more about this project, read the wiki.