From: Richard Maw <richard.maw@codethink.co.uk>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: Re: Some issues when trying to set up a shallow git mirror server
Date: Fri, 8 Jan 2016 10:19:03 +0000 [thread overview]
Message-ID: <20160108101903.GC3397@logi.codethink.co.uk> (raw)
In-Reply-To: <xmqq4mep5kyg.fsf@gitster.mtv.corp.google.com>
On Thu, Jan 07, 2016 at 10:00:07AM -0800, Junio C Hamano wrote:
> Richard Maw <richard.maw@codethink.co.uk> writes:
> > This is inconvenient for us,
> > as we were explicitly using refspecs which didn't force the fetch,
> > since we were using the "non fast-forward update" errors
> > to detect whether upstream force pushed important refs
> > which could be a sign of tampering.
> >
> > While the client doesn't have enough information
> > the server has those commits.
> > Would it make sense for the server to be able to tell the client
> > "trust me, that commit is a descendant of the previous one"?
>
> It does not in our security model, as you do not blindly trust the
> other side, whether you are a "client" or a "server".
Fair enough.
I didn't know whether Git passed responsibility for that to the transport layer.
Would a mode for fetch to also include the commit chain without the trees fit
the security model?
next prev parent reply other threads:[~2016-01-08 10:19 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-07 16:54 Some issues when trying to set up a shallow git mirror server Richard Maw
2016-01-07 18:00 ` Junio C Hamano
2016-01-08 10:19 ` Richard Maw [this message]
2016-01-08 10:44 ` Duy Nguyen
2016-01-08 10:52 ` Richard Maw
2016-01-08 21:37 ` Junio C Hamano
2016-01-11 15:51 ` Richard Maw
2016-01-12 18:29 ` Junio C Hamano
2016-01-13 11:37 ` Richard Maw
2016-01-13 17:14 ` Junio C Hamano
2016-01-13 17:43 ` Richard Maw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160108101903.GC3397@logi.codethink.co.uk \
--to=richard.maw@codethink.co.uk \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.