From: Andreas Ericsson <ae@op5.se>
To: Junio C Hamano <gitster@pobox.com>
Cc: Michael J Gruber <git@drmicha.warpmail.net>, git@vger.kernel.org
Subject: Re: [PATCH] fetch: Strip usernames from url's before storing them
Date: Wed, 15 Apr 2009 20:08:21 +0200 [thread overview]
Message-ID: <49E62295.3070100@op5.se> (raw)
In-Reply-To: <7viql5vnqd.fsf@gitster.siamese.dyndns.org>
Junio C Hamano wrote:
> Andreas Ericsson <ae@op5.se> writes:
>
>> The reason for this patch is that we published some repositories publicly
>> a week or two ago and one such malicious person started attacking all our
>> public servers with the usernames found in the commit messages.
>
> Interesting. Do you also worry about the names on committer and author
> lines?
We don't refuse anyone who's allowed to push by file-permissions. Perhaps
we should, but we don't. This was discovered as a nasty after-shock, and
"unfortunately" a bunch of people are already working with the commits
exposed by the code. Since we're not really affected at all by the bad
parts of the code, we've decided not to bother rewriting history. We'd
rather keep life simple for our contributors (we're not as lively a
community as git, so we can't afford to lose half a dozen just to protect
ourselves; It's better to just alter those usernames and keep going with
the history we've got).
--
Andreas Ericsson andreas.ericsson@op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
next prev parent reply other threads:[~2009-04-15 18:10 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-15 12:16 [PATCH] fetch: Strip usernames from url's before storing them Andreas Ericsson
2009-04-15 12:30 ` Michael J Gruber
2009-04-15 14:01 ` Andreas Ericsson
2009-04-15 17:19 ` Junio C Hamano
2009-04-15 18:08 ` Andreas Ericsson [this message]
2009-04-15 13:18 ` Johannes Sixt
2009-04-15 14:14 ` Andreas Ericsson
2009-04-15 14:30 ` [PATCH v2] " Andreas Ericsson
2009-04-15 17:19 ` Junio C Hamano
2009-04-15 20:45 ` Andreas Ericsson
2009-04-17 8:20 ` [PATCH v3] " Andreas Ericsson
2009-04-20 7:39 ` Andreas Ericsson
2009-04-20 8:36 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49E62295.3070100@op5.se \
--to=ae@op5.se \
--cc=git@drmicha.warpmail.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).