From: Junio C Hamano <gitster@pobox.com>
To: Mark Thomas <markbt@efaref.net>
Cc: git@vger.kernel.org
Subject: Re: [RFC 0/4] Shallow clones with on-demand fetch
Date: Mon, 06 Mar 2017 11:18:30 -0800 [thread overview]
Message-ID: <xmqqr32anri1.fsf@junio-linux.mtv.corp.google.com> (raw)
In-Reply-To: <20170304191901.9622-1-markbt@efaref.net> (Mark Thomas's message of "Sat, 4 Mar 2017 19:18:57 +0000")
Mark Thomas <markbt@efaref.net> writes:
> This is a proof-of-concept, so it is in no way complete. It contains a
> few hacks to make it work, but these can be ironed out with a bit more
> work. What I have so far is sufficient to try out the idea.
Two things that immediately come to mind (which may or may not be
real issues) are
(1) What (if any) security model you have in mind.
From object-confidentiality's point of view, this needs to be
enabled only on a host that allows
uploadpack.allowAnySHA1InWant but even riskier.
From DoS point of view, you can make a short 40-byte request to
cause the other side emit megabytes of stuff. I do not think
it is a new problem (anybody can repeatedly request a clone of
large stuff), but there may be new ramifications.
(2) If the interface to ask just one object kills the whole idea
due to roundtrip latency.
You may want to be able to say "I want all objects reachable
from this tree; please give me a packfile of needed objects
assuming that I have all objects reachable from this other tree
(or these other trees)".
next prev parent reply other threads:[~2017-03-06 19:25 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-04 19:18 [RFC 0/4] Shallow clones with on-demand fetch Mark Thomas
2017-03-04 19:18 ` [RFC 1/4] upload-file: Add upload-file command Mark Thomas
2017-03-04 19:18 ` [RFC 2/4] on-demand: Fetch missing files from remote Mark Thomas
2017-03-04 19:19 ` [RFC 3/4] upload-pack: Send all commits if client requests on-demand Mark Thomas
2017-03-04 19:19 ` [RFC 4/4] clone: Request on-demand shallow clones Mark Thomas
2017-03-06 19:16 ` [RFC 0/4] Shallow clones with on-demand fetch Jonathan Tan
2017-03-06 20:01 ` Stefan Beller
2017-03-06 19:18 ` Junio C Hamano [this message]
2017-03-07 9:42 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqr32anri1.fsf@junio-linux.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=markbt@efaref.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).