Eric Blake
2018-11-02 13:20:20 UTC
https://cygwin.com/git.html recommends the use of git:// for accessing
the cygwin git repo. However, git:// suffers from man-in-the-middle
attacks, in comparison to https://. On the other hand, performance of
https:// is much worse than git:// UNLESS the git server is running a
new enough version of git, such that it advertises
application/x-git-upload-pack-advertisement support.
Alas, the current sourceware server is running an old version of git:
$ wget -S
'http://sourceware.org/git/newlib-cygwin.git/info/refs?service=git-upload-pack'
2>&1 | grep Content-Type
Content-Type: text/plain; charset=UTF-8
Contrast that with other git repos:
$ wget -S
'https://repo.or.cz/qemu.git/info/refs?service=git-upload-pack' 2>&1 |
grep Content-Type
Content-Type: application/x-git-upload-pack-advertisement
Is there a chance we can get sourceware to upgrade to a newer git
server, and then update our recommendations to point people to https://
clones instead of insecure git://, and without the current speed penalty
that current https:// access through our non-upgraded server provides?
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
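The Content-Type test in the message above is only the first half of what a smart-HTTP client checks: git also requires that the body of a response advertised as application/x-git-upload-pack-advertisement be a pkt-line stream whose first packet is "# service=git-upload-pack", while a dumb server just returns the repository's info/refs file as tab-separated text. The following Python is an added example (not code from the Cygwin thread or from git itself) that parses both shapes and rejects a response whose header and body disagree. The object ids and ref names in the sample bodies are constructed placeholders.

```python
"""Classify a git info/refs?service=git-upload-pack response as smart or dumb.

Added example, not part of the original message or of git. The sample
responses and 40-hex object ids below are constructed for illustration.
"""
import re

SERVICE = "git-upload-pack"
SMART_CONTENT_TYPE = f"application/x-{SERVICE}-advertisement"
SERVICE_LINE = f"# service={SERVICE}\n".encode()
FLUSH = b"0000"


def is_smart_content_type(content_type: str) -> bool:
    """True when the Content-Type header is the smart-protocol advertisement
    (parameters such as '; charset=UTF-8' are ignored)."""
    return content_type.split(";", 1)[0].strip().lower() == SMART_CONTENT_TYPE


def pkt_line(payload: bytes) -> bytes:
    """Encode one pkt-line: 4 hex digits of total length (header included)."""
    return f"{len(payload) + 4:04x}".encode() + payload


def read_pkt_lines(body: bytes) -> list:
    """Split a pkt-line stream into payloads; a flush-pkt ('0000') becomes None."""
    pkts, pos = [], 0
    while pos < len(body):
        hdr = body[pos:pos + 4]
        if not re.fullmatch(rb"[0-9a-fA-F]{4}", hdr):
            raise ValueError(f"bad pkt-line header at offset {pos}: {hdr!r}")
        length = int(hdr, 16)
        if length == 0:                      # flush-pkt
            pkts.append(None)
            pos += 4
            continue
        if length < 4 or pos + length > len(body):
            raise ValueError(f"bad pkt-line length {length} at offset {pos}")
        pkts.append(body[pos + 4:pos + length])
        pos += length
    return pkts


def parse_smart_advertisement(body: bytes):
    """Parse a smart-HTTP ref advertisement: service line, flush, refs, flush.
    The first ref line carries the server capabilities after a NUL byte."""
    pkts = read_pkt_lines(body)
    if len(pkts) < 2 or pkts[0] != SERVICE_LINE or pkts[1] is not None:
        raise ValueError(f"body does not start with '# service={SERVICE}' + flush")
    refs, caps = {}, []
    for pkt in pkts[2:]:
        if pkt is None:                      # flush ends the ref list
            break
        line = pkt.rstrip(b"\n")
        if b"\0" in line:                    # capabilities ride on the first ref
            line, cap_blob = line.split(b"\0", 1)
            caps = cap_blob.decode().split()
        oid, name = line.decode().split(" ", 1)
        if name != "capabilities^{}":        # placeholder sent for empty repos
            refs[name] = oid
    return refs, caps


def parse_dumb_info_refs(body: bytes) -> dict:
    """Parse the plain info/refs file a dumb server returns: '<oid>\\t<ref>' lines."""
    refs = {}
    for line in body.decode().splitlines():
        if line:
            oid, name = line.split("\t", 1)
            refs[name] = oid
    return refs


def classify_info_refs(content_type: str, body: bytes) -> dict:
    """Return {'mode', 'refs', 'capabilities'}; raise ValueError if a response
    claims the smart Content-Type but its body is not a valid advertisement."""
    if is_smart_content_type(content_type):
        refs, caps = parse_smart_advertisement(body)
        return {"mode": "smart", "refs": refs, "capabilities": caps}
    return {"mode": "dumb", "refs": parse_dumb_info_refs(body), "capabilities": []}


# Constructed sample responses (placeholder object ids, not real commits).
SHA_HEAD = "1" * 40
SHA_TAG = "2" * 40
SMART_BODY = (
    pkt_line(SERVICE_LINE)
    + FLUSH
    + pkt_line(f"{SHA_HEAD} HEAD\0multi_ack thin-pack side-band-64k "
               f"symref=HEAD:refs/heads/master\n".encode())
    + pkt_line(f"{SHA_HEAD} refs/heads/master\n".encode())
    + pkt_line(f"{SHA_TAG} refs/tags/v1.0\n".encode())
    + FLUSH
)
DUMB_BODY = f"{SHA_HEAD}\trefs/heads/master\n{SHA_TAG}\trefs/tags/v1.0\n".encode()

if __name__ == "__main__":
    print(classify_info_refs(SMART_CONTENT_TYPE, SMART_BODY))
    print(classify_info_refs("text/plain; charset=UTF-8", DUMB_BODY))
```

Feed it the header and body captured with the wget invocation from the message (for example via `wget -S -O body ...`) and the "dumb" result is what the old sourceware server produces: the refs are still there, but no capabilities are negotiated, which is why the client falls back to walking objects one HTTP request at a time.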