From: Jonathan Nieder <jrnieder@gmail.com>
To: Jeff King <peff@peff.net>
Cc: Shawn Pearce <spearce@spearce.org>,
Jonathan Tan <jonathantanmy@google.com>,
git <git@vger.kernel.org>
Subject: Re: [PATCH] fetch-pack: always allow fetching of literal SHA1s
Date: Thu, 11 May 2017 12:03:54 -0700 [thread overview]
Message-ID: <20170511190354.GA12516@aiede.svl.corp.google.com> (raw)
In-Reply-To: <20170511095925.grmyagv4hesxqprj@sigill.intra.peff.net>
Jeff King wrote:
> On Wed, May 10, 2017 at 10:00:44AM -0700, Jonathan Nieder wrote:
>> Jeff King wrote:
>>> [1] The reachability checks from upload-pack don't actually do much on
>>> GitHub, because you can generally access the objects via the API or
>>> the web site anyway.
[...]
>> Given that, what would make me really happy is if github enables
>> uploadpack.allowAnySHA1InWant. That would be useful for me, at least.
>
> One of my hesitations is that we've actually considered moving in the
> opposite direction. The object storage for all of the repositories in a
> network is shared, so I can fork git.git, push up malicious crap, and
> then point people to:
>
> https://github.com/git/git/commit/$sha1
>
> and it resolves. Obviously there's a social-engineering component to any
> such attack, but it's not great. And even without security in mind, it's
> potentially confusing.
[...]
> But even leaving all the refs/pull stuff aside, allowAnySHA1InWant does
> seem to increase that confusion, and I don't see a way around it short
> of never sharing objects between repositories at all. So I think at most
> we'd do allowReachableSHA1InWant.
I had guessed you didn't want to do allowReachableSHA1InWant for
performance reasons. (I haven't checked to what extent we are already
taking advantage of bitmaps to avoid a slow reachability check.) If I
was wrong and allowReachableSHA1InWant is on the table then it is of
course even better. :)
Thanks,
Jonathan
next prev parent reply other threads:[~2017-05-11 19:04 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-09 18:20 [PATCH] fetch-pack: always allow fetching of literal SHA1s Jonathan Tan
2017-05-09 22:16 ` Jeff King
2017-05-10 4:22 ` Shawn Pearce
2017-05-10 4:33 ` Jeff King
2017-05-10 4:46 ` Mike Hommey
2017-05-10 17:50 ` Ævar Arnfjörð Bjarmason
2017-05-10 18:20 ` Jonathan Nieder
2017-05-10 18:48 ` Martin Fick
2017-05-10 18:54 ` Jonathan Nieder
2017-05-10 4:57 ` Shawn Pearce
2017-05-10 17:00 ` Jonathan Nieder
2017-05-10 18:55 ` Sebastian Schuberth
2017-05-11 9:59 ` Jeff King
2017-05-11 19:03 ` Jonathan Nieder [this message]
2017-05-11 21:04 ` Jeff King
2017-05-10 16:44 ` [PATCH v2] " Jonathan Tan
2017-05-10 18:01 ` Jonathan Nieder
2017-05-10 22:11 ` [PATCH v3] " Jonathan Tan
2017-05-10 23:22 ` Jonathan Nieder
2017-05-11 9:46 ` Jeff King
2017-05-11 17:51 ` Jonathan Tan
2017-05-11 20:52 ` Jeff King
2017-05-11 10:05 ` Jeff King
2017-05-11 17:00 ` Brandon Williams
2017-05-13 9:29 ` Jeff King
2017-05-11 21:14 ` [PATCH v4] " Jonathan Tan
2017-05-11 21:35 ` Jonathan Nieder
2017-05-11 21:59 ` Jeff King
2017-05-11 22:30 ` [PATCH v5] " Jonathan Tan
2017-05-11 22:46 ` Jonathan Nieder
2017-05-12 2:59 ` Jeff King
2017-05-12 6:01 ` Junio C Hamano
2017-05-12 7:59 ` Jeff King
2017-05-12 8:14 ` Jeff King
2017-05-12 18:00 ` Jonathan Tan
2017-05-13 8:30 ` Jeff King
2017-05-12 18:09 ` Jonathan Tan
2017-05-12 19:06 ` Jonathan Nieder
2017-05-12 3:06 ` Jeff King
2017-05-12 20:45 ` Jonathan Tan
2017-05-12 20:46 ` [PATCH v6] " Jonathan Tan
2017-05-12 22:28 ` Jonathan Nieder
2017-05-13 8:36 ` Jeff King
2017-05-15 1:26 ` Junio C Hamano
2017-05-15 17:32 ` [PATCH v7] " Jonathan Tan
2017-05-15 17:46 ` Jonathan Nieder
2017-05-15 22:10 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170511190354.GA12516@aiede.svl.corp.google.com \
--to=jrnieder@gmail.com \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
--cc=peff@peff.net \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).