From: Jeff King <peff@peff.net>
To: Johannes Sixt <j.sixt@viscovery.net>
Cc: Junio C Hamano <gitster@pobox.com>,
Roberto Tyley <roberto.tyley@gmail.com>,
git@vger.kernel.org
Subject: Re: commit-message attack for extracting sensitive data from rewritten Git history
Date: Tue, 9 Apr 2013 13:01:59 -0400 [thread overview]
Message-ID: <20130409170159.GC21972@sigill.intra.peff.net> (raw)
In-Reply-To: <5163AF2C.2020107@viscovery.net>
On Tue, Apr 09, 2013 at 08:03:24AM +0200, Johannes Sixt wrote:
> Am 4/8/2013 23:54, schrieb Jeff King:
> > Yeah, it would make sense for filter-branch to have a "--map-commit-ids"
> > option or similar that does the update. At first I thought it might take
> > two passes, but I don't think it is necessary, as long as we traverse
> > the commits topologically (i.e., you cannot have mentioned X in a commit
> > that is an ancestor of X, so you do not have to worry about mapping it
> > until after it has been processed).
>
> Topological traversal is not sufficient. Consider this history:
>
> o--A--o--
> / /
> --o--B--o
>
> If A mentions B (think of cherry-pick -x), then you must ensure that the
> branch containing B was traversed first.
Yeah, you're right. Multiple passes are necessary to get it
completely right. And because each pass may change more commit id's, you
have to recurse to pick up those changes, and keep going until you have
a pass with no changes.
But I haven't thought that hard about it. There might be a clever
optimization where you can prune out parts of the history (e.g., if you
know that all changes to consider are in descendants of a commit, you do
not have to care about rewriting the commit or its ancestors).
-Peff
next prev parent reply other threads:[~2013-04-09 17:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-07 23:17 commit-message attack for extracting sensitive data from rewritten Git history Roberto Tyley
2013-04-08 15:40 ` Junio C Hamano
2013-04-08 21:54 ` Jeff King
2013-04-09 6:03 ` Johannes Sixt
2013-04-09 17:01 ` Jeff King [this message]
2013-04-09 18:08 ` Roberto Tyley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130409170159.GC21972@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=j.sixt@viscovery.net \
--cc=roberto.tyley@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).