git@vger.kernel.org mailing list mirror (one of many)
From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: "Carlos Martín Nieto" <cmn@elego.de>,
	git@vger.kernel.org, "Albert Astals Cid" <aacid@kde.org>
Subject: Re: [PATCH] archive: re-allow HEAD:Documentation on a remote invocation
Date: Wed, 11 Jan 2012 21:59:10 -0500
Message-ID: <20120112025910.GA26038@sigill.intra.peff.net>
In-Reply-To: <20120112025445.GB25365@sigill.intra.peff.net>

On Wed, Jan 11, 2012 at 09:54:45PM -0500, Jeff King wrote:

> On Wed, Jan 11, 2012 at 06:46:56PM -0800, Junio C Hamano wrote:
> 
> > Carlos Martín Nieto <cmn@elego.de> writes:
> > 
> > > The tightening done in (ee27ca4a: archive: don't let remote clients
> > > get unreachable commits, 2011-11-17) went too far and disallowed
> > > HEAD:Documentation as it would try to find "HEAD:Documentation" as a
> > > ref.
> > 
> > I do not think it went too far. Actually we discussed this exact issue
> > when the topic was cooking, and saw no objections. The commit in question
> > itself advertises this restriction.
> 
> I think you and I discussed it off list (I originally took this off-list
> because the original issue did have some security implications). So I
> don't think people necessarily had a chance to object.

Here is the only on-list discussion:

  http://article.gmane.org/gmane.comp.version-control.git/186366

Quoted below:

  >> * jk/maint-1.6.2-upload-archive (2011-11-21) 1 commit
  >>  - archive: don't let remote clients get unreachable commits
  >>  (this branch is used by jk/maint-upload-archive.)
  >>
  >> * jk/maint-upload-archive (2011-11-21) 1 commit
  >>  - Merge branch 'jk/maint-1.6.2-upload-archive' into
  >>  jk/maint-upload-archive
  >>  (this branch uses jk/maint-1.6.2-upload-archive.)
  >>
  >> Will merge to 'next' after taking another look.
  >
  > Thanks. I also have some followup patches to re-loosen to at least
  > trees reachable from refs. Do you want to leave the tightening to
  > the maint track, and then consider the re-loosening for master?

  I was planning to first have the really tight version graduate to
  'master' and ship it in 1.7.9, while possibly merging that to 1.7.8.X
  series.  If we hear complaints from real users in the meantime before
  or after such releases, we could apply loosening patch on top of these
  topics and call them "regression fix", but I have been assuming that
  nobody would have been using this backdoor for anything that really
  matters.

So now we have heard a complaint. :)

-Peff
