Re: Git dumb HTTP protocol should work without update-server-info

["brian m. carlson" <sandals@crustytoothpaste.net>]

[-- Attachment #1: Type: text/plain, Size: 2004 bytes --]

On 2025-09-08 at 00:05:43, Jeff King wrote:
> Possibly dumb-http could learn to do the same scraping that httpdirfs
> does to get the refs and pack listings (though this might be quite slow
> for unpacked refs, if the ref tree is deep). But I doubt you will find
> anybody that enthused about working on or reviewing dumb-http patches
> these days. The code is not very well maintained, IMO.

That kind of scraping is really not a good idea.

It's the equivalent of trying to parse the FTP LIST output, which is
customarily the equivalent of `ls -l`, but doesn't have to be, and often
isn't on Windows.  I can tell you from experience how painful doing that
is and how many bug reports come in when you try to use that (because
the FTP server also doesn't support either variant of the
machine-readable format that solves this problem).

It's also prone to breaking things because some HTTP servers have weird
redirect loops due to sorting entries in the index pages that you have
to be careful not to trigger.  And, of course, that depends on the
server having index pages turned on, which many do not.

And then you have to do all of this in C with pointer arithmetic, with
all of the terrifying security properties that has, especially because
you can't actually use an XML parser to do it (unlike in DAV) since many
servers have index pages that are (possibly invalid) autogenerated HTML
3.2 or something.

I've seen exactly one piece of software (lftp) that hasn't done a
terribly awful implementation of this and that happens to have worked
every time I've tried it (which is extremely infrequently, so I probably
just haven't found a server which breaks it yet).  Every other piece of
software I've used that's done this kind of thing has just been broken
and I anticipate Git would be no different.

I do want to be very clear that this is a bad idea and I hope never to
see such patches come into Git.
-- 
brian m. carlson (they/them)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 262 bytes --]