From: Christian Couder <christian.couder@gmail.com>
To: Jonathan Tan <jonathantanmy@google.com>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>,
git <git@vger.kernel.org>
Subject: Re: [WIP RFC 2/5] Documentation: add Packfile URIs design doc
Date: Tue, 19 Feb 2019 14:22:29 +0100 [thread overview]
Message-ID: <CAP8UFD0VPZEhBTUb--n5RHECUkO81aPcGkTYGi0fqd35rnKr3Q@mail.gmail.com> (raw)
In-Reply-To: <20181204192904.40409-1-jonathantanmy@google.com>
On Tue, Dec 4, 2018 at 8:31 PM Jonathan Tan <jonathantanmy@google.com> wrote:
>
> > Some thoughts here:
> >
> > First, I'd like to see a section (and a bit in the implementation)
> > requiring HTTPS if the original protocol is secure (SSH or HTTPS).
> > Allowing the server to downgrade to HTTP, even by accident, would be a
> > security problem.
> >
> > Second, this feature likely should be opt-in for SSH. One issue I've
> > seen repeatedly is that people don't want to use HTTPS to fetch things
> > when they're using SSH for Git. Many people in corporate environments
> > have proxies that break HTTP for non-browser use cases[0], and using SSH
> > is the only way that they can make a functional Git connection.
>
> Good points about SSH support and the client needing to control which
> protocols the server will send URIs for. I'll include a line in the
> client request in which the client can specify which protocols it is OK
> with.
What if a client is ok to fetch from some servers but not others (for
example github.com and gitlab.com but nothing else)?
Or what if a client is ok to fetch using SSH from some servers and
HTTPS from other servers but nothing else?
I also wonder in general how this would interact with promisor/partial
clone remotes.
When we discussed promisor/partial clone remotes in the thread
following this email:
https://public-inbox.org/git/20181016174304.GA221682@aiede.svl.corp.google.com/
it looked like you were ok with having many promisor remotes, which I
think could fill the same use cases especially related to large
objects.
As clients would configure promisor remotes explicitly, there would be
no issues about which protocol and servers are allowed or not.
If the issue is that you want the server to decide which promisor
remotes would be used without the client having to do anything, maybe
that could be something added on top of the possibility to have many
promisor remotes.
next prev parent reply other threads:[~2019-02-19 13:22 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-03 23:37 [WIP RFC 0/5] Design for offloading part of packfile response to CDN Jonathan Tan
2018-12-03 23:37 ` [WIP RFC 1/5] Documentation: order protocol v2 sections Jonathan Tan
2018-12-05 4:10 ` Junio C Hamano
2018-12-06 22:54 ` Jonathan Tan
2018-12-09 0:15 ` Junio C Hamano
2018-12-03 23:37 ` [WIP RFC 2/5] Documentation: add Packfile URIs design doc Jonathan Tan
2018-12-04 0:21 ` Stefan Beller
2018-12-04 1:54 ` brian m. carlson
2018-12-04 19:29 ` Jonathan Tan
2019-02-19 13:22 ` Christian Couder [this message]
2019-02-19 20:10 ` Jonathan Tan
2019-02-22 11:35 ` Christian Couder
2019-02-19 13:44 ` Ævar Arnfjörð Bjarmason
2019-02-21 1:09 ` brian m. carlson
2019-02-22 9:34 ` Ævar Arnfjörð Bjarmason
2018-12-05 5:02 ` Junio C Hamano
2018-12-05 5:55 ` Junio C Hamano
2018-12-06 23:16 ` Jonathan Tan
2019-02-19 14:28 ` Ævar Arnfjörð Bjarmason
2019-02-19 22:06 ` Jonathan Tan
2018-12-03 23:37 ` [WIP RFC 3/5] upload-pack: refactor reading of pack-objects out Jonathan Tan
2018-12-04 0:30 ` Stefan Beller
2018-12-05 6:30 ` Junio C Hamano
2018-12-03 23:37 ` [WIP RFC 4/5] upload-pack: refactor writing of "packfile" line Jonathan Tan
2018-12-06 6:35 ` Junio C Hamano
2018-12-06 23:25 ` Jonathan Tan
2018-12-07 0:22 ` Junio C Hamano
2018-12-03 23:37 ` [WIP RFC 5/5] upload-pack: send part of packfile response as uri Jonathan Tan
2018-12-04 20:09 ` Stefan Beller
2018-12-04 0:01 ` [WIP RFC 0/5] Design for offloading part of packfile response to CDN Stefan Beller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAP8UFD0VPZEhBTUb--n5RHECUkO81aPcGkTYGi0fqd35rnKr3Q@mail.gmail.com \
--to=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).