From: Junio C Hamano <gitster@pobox.com>
To: Jonathan Tan <jonathantanmy@google.com>
Cc: git@vger.kernel.org, peff@peff.net
Subject: Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test
Date: Fri, 22 Mar 2019 11:20:34 +0900 [thread overview]
Message-ID: <xmqq36nfsl8t.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <20190321174719.151877-1-jonathantanmy@google.com> (Jonathan Tan's message of "Thu, 21 Mar 2019 10:47:19 -0700")
Jonathan Tan <jonathantanmy@google.com> writes:
> Because this configuration is not supported by all protocol versions,
> and because this configuration seems to be of limited usefulness (only
> useful for people who use manual credential entry and on servers that
> are OK with exposing refs but not objects, and even in this case, helps
> only in a no-op fetch), delete the test that verifies that this
> configuration works.
A possible and different conclusion that naturally follow your first
"because" could be "fix protocol versions whose support of this
configuration is broken", and your second "because" is with "seems
to be", that makes it quite weak.
Quite honestly, I hate to see a proposed log message that downplays
its potential negative effects without sufficient justification.
Isn't this feature primarily for those who want to poll from an
automated job (and naturally you want to assign as little privilege
as possible to such an automated job) with ls-remote and only run an
authenticated fetch, perhaps manually, with or without cred helper,
when the automated polling job finds there is something worthwhile
to fetch? What this test is checking seems to be a quite effective
way to achieve that useful workflow, at least to me, and offhand I
do not think of other ways to easily achieve the same.
The "ls-remote" communication may not even touch any outside network
but may be happening all within a single organization, in which case
"are OK with exposing refs" is making a security mountain out of a
molehill. If it were a truly problematic hole that makes it a
security issue, wouldn't we deleting this test and at the same time
plugging the hole for earlier protocol versions?
Having said all that, I do not care too deeply. Would a much better
longer-term solution for those who want to poll and fetch only when
there is something new be to allow clients to subscribe to a feed
that hangs while there is nothing new, and lets the upstream side
continuously feed incremental updates to the receiving client, as
its refs are updated, or something? As long as such a thing is in
our vision (it is OK if nobody is currently working on it) to become
replacement, I do not think it is a huge loss to lose the ability for
unauthenticated ls-remote with authenticated fetch.
Thanks.
next prev parent reply other threads:[~2019-03-22 2:20 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-21 17:47 [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test Jonathan Tan
2019-03-21 19:55 ` Jeff King
2019-03-21 20:02 ` Jeff King
2019-03-21 20:24 ` Jonathan Tan
2019-03-21 21:48 ` Jeff King
2019-03-21 22:36 ` Jonathan Tan
2019-03-22 2:20 ` Junio C Hamano [this message]
2019-03-22 17:20 ` Jonathan Tan
2019-03-22 19:01 ` [PATCH v2] t5551: mark half-auth no-op fetch test as v0-only Jonathan Tan
2019-03-23 7:05 ` Jeff King
2019-04-06 11:31 ` Jonathan Nieder
2019-04-08 17:01 ` Jonathan Tan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq36nfsl8t.fsf@gitster-ct.c.googlers.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).