From: Sitaram Chamarty <sitaramc@gmail.com>
To: Shawn Pearce <spearce@spearce.org>
Cc: Martin L Resnick <mresnick@bbn.com>,
"R. Tyler Croy" <tyler@monkeypox.org>,
git@vger.kernel.org
Subject: Re: ACLs for GIT
Date: Tue, 17 May 2011 21:11:44 +0530 [thread overview]
Message-ID: <BANLkTik6dP9su_K5WxUYkcGUL76J5ObvMg@mail.gmail.com> (raw)
In-Reply-To: <BANLkTi=W2CtA2YaV_spru1E9pTWgoge3Kw@mail.gmail.com>
On Tue, May 17, 2011 at 7:36 PM, Shawn Pearce <spearce@spearce.org> wrote:
> On Tue, May 17, 2011 at 05:08, Sitaram Chamarty <sitaramc@gmail.com> wrote:
> Yes. Or, he has a SHA-1 he suspects is a tree or blob and lists that
> in a tree he pushes to a branch he can write to. Now he can fetch that
> branch back, and obtain that object whose SHA-1 he has but whose
> contents he does not have.
Good point. Not too hard too I guess, unlike this one:
> There is another attack that is incredibly improbable, but that JGit
[snipped lots of complicated stuff]
> assume this theoretical attack is too improbable to succeed. (And it
> is given what we know about SHA-1 today.)
IMO most of the theoretical attacks are just that. They advance the
state of the art but I've not heard of any of them actually being used
in a real life scenario. The sad fact is there are much weaker links
to be found if you look around and you don't need all this.
>> Having two repos is still the best plan ;-)
>
> Yes, but tell that to Gerrit Code Review users. They really use the
> branch ACL features. :-)
Interesting. I do a fair amount of git consulting and training
(inhouse) and this has only come up once so far. I haven't seen it as
being that common at all.
next prev parent reply other threads:[~2011-05-17 15:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-15 19:24 ACLs for GIT Martin L Resnick
2011-05-15 20:15 ` Magnus Bäck
2011-05-16 13:22 ` Martin L Resnick
2011-05-16 15:26 ` Richard Peterson
2011-05-16 15:33 ` Phil Hord
2011-05-16 15:36 ` Martin L Resnick
2011-05-16 16:28 ` Jakub Narebski
2011-05-15 20:16 ` R. Tyler Croy
2011-05-16 13:22 ` Martin L Resnick
2011-05-17 1:32 ` Sitaram Chamarty
2011-05-17 1:49 ` Shawn Pearce
2011-05-17 12:08 ` Sitaram Chamarty
2011-05-17 14:06 ` Shawn Pearce
2011-05-17 15:41 ` Sitaram Chamarty [this message]
2011-05-15 20:28 ` Marc Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BANLkTik6dP9su_K5WxUYkcGUL76J5ObvMg@mail.gmail.com \
--to=sitaramc@gmail.com \
--cc=git@vger.kernel.org \
--cc=mresnick@bbn.com \
--cc=spearce@spearce.org \
--cc=tyler@monkeypox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).