From: Jonathan Nieder <jrnieder@gmail.com>
To: Stefan Beller <sbeller@google.com>
Cc: Jonathan Tan <jonathantanmy@google.com>,
"git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: [PATCH 2/3] receive-pack: verify push options in cert
Date: Fri, 5 May 2017 17:20:07 -0700 [thread overview]
Message-ID: <20170506002007.GL28740@aiede.svl.corp.google.com> (raw)
In-Reply-To: <CAGZ79ka4vG1yd1JtK9bDBjWPUG0UCPMvw2XQUsfX_e_xFCpVLA@mail.gmail.com>
Hi,
Stefan Beller wrote:
> On Fri, May 5, 2017 at 4:46 PM, Jonathan Tan <jonathantanmy@google.com> wrote:
>> This sets in stone the requirement that send-pack redundantly send its
>> push options in 2 places, but I think that this is better than the
>> alternatives. Sending push options only within the cert is
>> backwards-incompatible with existing Git servers (which read push
>> options only from outside the cert), and sending push options only
>> outside the cert means that the push options are not signed for.
>
> As the combination of push certs and push options are broken
> (at least when using JGit as well, which are used in Gerrit
> installations), I would not feel too bad about actually going
> the backwards-incompatible way.
Per offline discussion, what you're proposing is to omit the second
copy of push options from the client request, so the server does not
have to see two copies. I agree that that would be a better protocol,
but I think that ship has sailed.
Current versions of git the client and git the server are able to
interoperate without trouble (though the server-side bug is ugly in
terms of what the push certs mean).
Current versions of JGit the server *require* that the push options be
omitted from the push certificate. I don't think there exists a
sensible way to interoperate with that, so we can ignore that JGit
server behavior as a bug (like you've said).
If we want to omit the second copy of the push certs (which sounds
like a reasonable thing to want), that would require a new capability
to be added to the protocol to do so. That way, interoperability with
existing versions of git the client wouldn't be broken. That could
happen on top of this series --- it is not needed for fixing the bug
that this series fixes.
To summarize:
1. I agree that we shouldn't feel bad about breaking compatibility
with the JGit server behavior at issue, since there is no
reasonable way to be compatible with it. And that's what this
series does --- it breaks compatibility with the broken versions
of JGit server and picks what the Git client has been doing
instead.
2. I don't think we should break new versions of Git's ability to
interoperate with current versions of the server, even though I
consider the current server behavior to be broken.
3. If someone is interested in getting rid of the redundant second
copy of push options, we have a way to do so, by introducing a
new capability
Thanks,
Jonathan
next prev parent reply other threads:[~2017-05-06 0:20 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-05 23:46 [PATCH 0/3] Clarify interaction between signed pushes and push options Jonathan Tan
2017-05-05 23:46 ` [PATCH 1/3] docs: correct receive.advertisePushOptions default Jonathan Tan
2017-05-05 23:50 ` Brandon Williams
2017-05-05 23:53 ` Stefan Beller
2017-05-05 23:58 ` Jonathan Nieder
2017-05-05 23:46 ` [PATCH 2/3] receive-pack: verify push options in cert Jonathan Tan
2017-05-06 0:02 ` Stefan Beller
2017-05-06 0:06 ` Brandon Williams
2017-05-06 0:20 ` Jonathan Nieder [this message]
2017-05-06 0:10 ` Jonathan Nieder
2017-05-05 23:46 ` [PATCH 3/3] protocol docs: explain receive-pack push options Jonathan Tan
2017-05-06 0:10 ` Stefan Beller
2017-05-06 0:26 ` Jonathan Nieder
2017-05-08 21:27 ` Jonathan Tan
2017-05-08 5:44 ` [PATCH 0/3] Clarify interaction between signed pushes and " Junio C Hamano
2017-05-08 21:33 ` [PATCH v2 0/2] " Jonathan Tan
2017-05-08 21:33 ` [PATCH v2 1/2] docs: correct receive.advertisePushOptions default Jonathan Tan
2017-05-08 21:33 ` [PATCH v2 2/2] receive-pack: verify push options in cert Jonathan Tan
2017-05-09 3:15 ` Junio C Hamano
2017-05-09 3:34 ` Junio C Hamano
2017-05-09 16:45 ` [PATCH] fixup! use perl instead of sed Jonathan Tan
2017-05-09 17:00 ` Ævar Arnfjörð Bjarmason
2017-05-09 19:23 ` [PATCH v3 0/2] Clarify interaction between signed pushes and push options Jonathan Tan
2017-05-09 21:01 ` [PATCH v3] fixup! don't use perl -i because it's not portable Jonathan Tan
2017-05-09 19:23 ` [PATCH v3 1/2] docs: correct receive.advertisePushOptions default Jonathan Tan
2017-05-09 19:23 ` [PATCH v3 2/2] receive-pack: verify push options in cert Jonathan Tan
2017-05-09 20:43 ` [PATCH] fixup! use perl instead of sed Johannes Sixt
2017-05-09 21:04 ` Jonathan Tan
2017-05-09 21:08 ` Ævar Arnfjörð Bjarmason
2017-05-09 22:38 ` Junio C Hamano
2017-05-09 23:44 ` Ævar Arnfjörð Bjarmason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170506002007.GL28740@aiede.svl.corp.google.com \
--to=jrnieder@gmail.com \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).