From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: "Shawn O. Pearce" <spearce@spearce.org>, git@vger.kernel.org
Subject: Re: Subject: [PATCH] Push to create
Date: Tue, 03 Mar 2009 00:22:53 -0800 [thread overview]
Message-ID: <7v63irf21u.fsf@gitster.siamese.dyndns.org> (raw)
In-Reply-To: <20090303080603.GA3158@coredump.intra.peff.net> (Jeff King's message of "Tue, 3 Mar 2009 03:06:03 -0500")
Jeff King <peff@peff.net> writes:
> On Mon, Mar 02, 2009 at 11:55:51PM -0800, Junio C Hamano wrote:
>
>> As with the previous "git init --remote" patch, my design constraints
>> includes keeping the door open for "git shell" users to optionally allow
>> this mode of operation.
>
> OK, I thought your original comment was "I don't think this constraint
> (thinking only of normal shell users) is right, but here is a patch
> anyway". Which did leave me confused, since it seemed like your patch
> did not cater just to such users. But I see now what you meant.
Yeah, I wanted to see if we can give git-shell only people a sane way to
host a group project, so that was why I mentioned "chgrp/chmod" in the
follow-up message to the "init --remote" series.
> However, if you are thinking of "git shell" users, then is it not a
> potential security problem to allow them to create new repositories
> without the admin explicitly enabling it? If a site is depending on
> hooks in existing repositories to implement some kind of policy, then
> isn't this a way to bypass it (not to make changes in those existing
> repos, obviously, but let's say there is a policy about how disk usage
> is counted).
Yes and no. I think "git shell" sites fall broadly into two categories.
The ones arranged ala gitosis without per-user UNIX account, it certainly
is an issue. The ones with per-user UNIX account would not let anywhere
other than $HOME written, so it is not.
My sole interest lies in building a track record of suggested patches to
eliminate the excuse people would use to complain that we do not attempt
to allow repositories to be created remotely. I've shown two possible
ways. It now is turn for those who want to have the feature to fill in
the details. These are weatherbaloon patches, and it is not my itch to
scratch anyway.
> Even if it isn't a security issue, it might simply be broken. Shawn has
> said that Gerrit needs extra magic when creating a repository, and I
> wouldn't be surprised if github and repo.or.cz were the same. With your
> patch, what switch should a Gerrit admin flip to prevent people from
> creating broken repos?
>
> What about places that might simply want to put some policy in place,
> like kernel.org having all linux repos point to Linus as alternates?
These are all valid points and people who are interested in creating
repositories remotely must think about them when they finally decide to
scratch their own itch. I am merely helping by showing where to add
hooks.
next prev parent reply other threads:[~2009-03-03 8:24 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-01 0:03 [PATCH 1/4] Refactor list of environment variables to be sanitized Junio C Hamano
2009-03-01 0:03 ` [PATCH 2/4] git-init: inject some sanity to the option parser Junio C Hamano
2009-03-01 0:03 ` [PATCH 3/4] Add init-serve, the remote side of "git init --remote=host:path" Junio C Hamano
2009-03-01 0:03 ` [PATCH 4/4] " Junio C Hamano
2009-03-01 3:16 ` [PATCH 3/4] Add init-serve, the remote side of " Jeff King
2009-03-01 5:54 ` Junio C Hamano
2009-03-01 10:00 ` Jeff King
2009-03-01 17:04 ` Shawn O. Pearce
2009-03-03 6:50 ` Subject: [PATCH] Push to create Junio C Hamano
2009-03-03 7:09 ` Jay Soffian
2009-03-03 7:09 ` Jeff King
2009-03-03 7:37 ` Jay Soffian
2009-03-03 7:39 ` Jay Soffian
2009-03-03 7:56 ` Junio C Hamano
2009-03-03 8:02 ` Jay Soffian
2009-03-03 8:04 ` Junio C Hamano
2009-03-03 8:04 ` Junio C Hamano
2009-03-03 8:16 ` Jay Soffian
2009-03-03 8:23 ` Jeff King
2009-03-03 19:57 ` Jay Soffian
2009-03-04 5:42 ` Jeff King
2009-03-04 6:35 ` Junio C Hamano
2009-03-04 13:06 ` Jay Soffian
2009-03-03 7:55 ` Junio C Hamano
2009-03-03 8:06 ` Jeff King
2009-03-03 8:22 ` Junio C Hamano [this message]
2009-03-03 8:27 ` Jeff King
2009-03-03 8:30 ` Junio C Hamano
2009-03-03 8:41 ` Jay Soffian
2009-03-03 9:23 ` Theodore Tso
2009-03-03 10:39 ` Johannes Schindelin
2009-03-04 17:58 ` Theodore Tso
2009-03-06 1:37 ` Miles Bader
2009-03-03 18:41 ` Shawn O. Pearce
2009-03-04 8:32 ` [RFC/PATCH 1/2] improve missing repository error message Jeff King
2009-03-04 9:19 ` Matthieu Moy
2009-03-04 10:35 ` Jeff King
2009-03-04 18:57 ` Shawn O. Pearce
2009-03-05 10:36 ` Jeff King
2009-03-04 8:42 ` [RFC/PATCH 2/2] make remote hangup warnings more friendly Jeff King
2009-03-04 19:04 ` Shawn O. Pearce
2009-03-05 10:45 ` Jeff King
2009-03-03 21:08 ` Subject: [PATCH] Push to create Daniel Barkalow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7v63irf21u.fsf@gitster.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).