git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stefan Beller <sbeller@google.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Stefan Beller <stefanbeller@gmail.com>,
	"git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: [PATCH] receive-pack.c: don't miss exporting unsolicited push certificates
Date: Tue, 13 Jan 2015 16:11:34 -0800	[thread overview]
Message-ID: <CAGZ79kad=c1wXW163doxWBRdSvQ7Y9EkkD+ZXtOfawjtxEyeQw@mail.gmail.com> (raw)
In-Reply-To: <xmqqiogb95t4.fsf@gitster.dls.corp.google.com>

On Mon, Jan 12, 2015 at 11:07 AM, Junio C Hamano <gitster@pobox.com> wrote:
>>
>> yes that's what I was trying to hint at. The hook would just see
>> it is unsolicited instead of not having the state available.
>
> OK.  That makes sort of sense.  So if we:
>
>  1) did not apply either patch (i.e. we accept unsolicited
>     certificate, and the fact that we did not exchange "give me this
>     nonce" "here is your nonce" is conveyed to the hooks by the lack
>     of GIT_PUSH_CERT_NONCE environment and possible presense of
>     unsolicited nonce in the GIT_PUSH_CERT blob); and then
>
>  2) applied this patch first (i.e. we still allow unsolicited
>     certificate, and the same fact is now conveyed to the hooks also
>     by GIT_PUSH_CERT_NONCE_STATUS=UNSOLICITED if they sent a nonce,
>     or GIT_PUSH_CERT_NONCE_STATUS=MISSING); and then finally
>
>  3) applied the other patch to reject unsolicited certificate.
>
> then we can stop at any of these three steps and the behaviour of
> three resulting systems make sense and the pre-receive hook can
> reject unsolicited certificates if it wants to, even at step #1.

I do not quite understand the intention of your mail. Are you saying I should
make a patch series to solve the problems as outlined above?

  reply	other threads:[~2015-01-14  0:11 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-09 20:47 [RFC/PATCH] receive-pack.c: only accept push-cert if push_cert_nonce was advertised Stefan Beller
2015-01-09 22:39 ` Junio C Hamano
2015-01-09 23:05   ` Junio C Hamano
2015-01-09 23:15   ` Stefan Beller
2015-01-09 23:57     ` Junio C Hamano
2015-01-10  0:31       ` [PATCH] receive-pack.c: don't miss exporting unsolicited push certificates Stefan Beller
2015-01-10  1:52         ` Junio C Hamano
2015-01-10  3:55           ` Stefan Beller
2015-01-12 19:07             ` Junio C Hamano
2015-01-14  0:11               ` Stefan Beller [this message]
2015-01-14 18:08                 ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGZ79kad=c1wXW163doxWBRdSvQ7Y9EkkD+ZXtOfawjtxEyeQw@mail.gmail.com' \
    --to=sbeller@google.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=stefanbeller@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).