From: Junio C Hamano <junkio@cox.net>
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: git@vger.kernel.org
Subject: Re: [RFC][PATCH] Allow transfer of any valid sha1
Date: Wed, 24 May 2006 23:36:07 -0700 [thread overview]
Message-ID: <7vwtcay5k8.fsf@assigned-by-dhcp.cox.net> (raw)
In-Reply-To: <m13beysnb2.fsf@ebiederm.dsl.xmission.com> (Eric W. Biederman's message of "Wed, 24 May 2006 23:09:21 -0600")
ebiederm@xmission.com (Eric W. Biederman) writes:
> I clearly would not advertise it. My problem is that I have
> evidence that someone pulled a given sha1 at some point from
> some branch on a given repository. But I don't have that branch.
If that was over rsync (as you mention later), then I would
consider that is an unfortunate unfixable issue. rsync mirrors
are fundamentally unsafe for git -- Linus and I do not keep
saying rsync should be deprecated without good reasons.
There still might be bugs that breaks this guarantee outside
rsync, but if that is the case we should fix it.
I do not want to rehash the thread around Sep 29th 2005 here.
The entry point of that thread is this message:
http://marc.theaimsgroup.com/?l=git&m=112795140820665
and the punch line are these two messages:
http://marc.theaimsgroup.com/?l=git&m=112801874021223
http://marc.theaimsgroup.com/?l=git&m=112802808030710
I did not realize what I was breaking initially. I am not
ashamed of having been wrong, but it was embarrassing ;-).
> If I want
> a copy of your pu branch at some point in the past, but you have
> rebased it since that sha1 was published then there will clearly not
> be a path from any current head to that branch. But if I still have a
> copy of the sha1 I should actually be able to recover the old copy of
> the pu branch from your tree.
Not necessarily. I occasionally prune after rewinding. When my
"pu" branch head does not point at the lost commit, the
repository may or may not have that object you happen to know I
used to have anymore.
>> Now, proving that a given SHA1 is the name of an object that
>> exists in the repository is cheap (has_sha1_file()), but proving
>> that the object is reachable from some of our refs can become
>> quite expensive. That gives this issue a security implication
>> as well -- you can easily DoS the git-daemon that way, for
>> example.
>
> Exactly, which is why I aimed for the cheap test.
But the thing is the cheap test is broken, eh, rather,
propagates brokenness downstream (which is perhaps worse).
next prev parent reply other threads:[~2006-05-25 6:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-24 7:51 [RFC][PATCH] Allow transfer of any valid sha1 Eric W. Biederman
2006-05-24 9:07 ` Junio C Hamano
2006-05-25 5:09 ` Eric W. Biederman
2006-05-25 6:36 ` Junio C Hamano [this message]
2006-05-25 17:00 ` Eric W. Biederman
2006-05-25 17:28 ` Linus Torvalds
2006-05-25 17:59 ` Eric W. Biederman
2006-05-25 18:28 ` Junio C Hamano
2006-05-25 18:36 ` Linus Torvalds
2006-05-25 20:30 ` Eric W. Biederman
2006-05-25 20:53 ` Junio C Hamano
2006-05-26 8:27 ` Eric W. Biederman
2006-05-26 10:04 ` Junio C Hamano
2006-05-26 17:32 ` Eric W. Biederman
2006-05-25 20:50 ` Eric W. Biederman
2006-05-25 21:04 ` Junio C Hamano
2006-05-26 8:32 ` Eric W. Biederman
2006-06-08 9:33 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vwtcay5k8.fsf@assigned-by-dhcp.cox.net \
--to=junkio@cox.net \
--cc=ebiederm@xmission.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox