From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@osdl.org>
Cc: Junio C Hamano <junkio@cox.net>, git@vger.kernel.org
Subject: Re: [RFC][PATCH] Allow transfer of any valid sha1
Date: Thu, 25 May 2006 11:59:58 -0600 [thread overview]
Message-ID: <m1bqtmdly9.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0605251024320.5623@g5.osdl.org> (Linus Torvalds's message of "Thu, 25 May 2006 10:28:47 -0700 (PDT)")
Linus Torvalds <torvalds@osdl.org> writes:
> On Thu, 25 May 2006, Eric W. Biederman wrote:
>>
>> My basic argument is that starting a pull with a commit that is not a
>> reference is no worse than staring a pull from a broken repository. The
>> same checks that protects us should work in either case.
>
> I think Junio reacted to the subject line, which was somewhat badly
> phrased. You're not looking to transfer random objects, you're looking to
> _start_ a branch at any arbitrary known point.
Probably, but if I understood enough to get the subject line right the
first time I probably would have understood enough to just send
a patch :)
> However, Junio's point is probably that the "any valid SHA1" might
> actually point to a broken tree, even if it exists on the server.
>
> Of course, in that case hopefully git-rev-list exits with an error, and
> the server doesn't generate any pack at all rather than generating a
> broken one.
>
> However, there's a (questionable) security issue: what if the server
> doesn't _want_ to expose certain branches? Arguably, if you know the top
> SHA1, you likely know all that it contains, but it may be a valid argument
> to say that if the SHA1 isn't an exported branch, you shouldn't
> necessarily be able to follow it.
Agreed and I mentioned this one earlier.
However the only way the above scenario can even happen in a useful
manner is with a shared object store for several repositories. Otherwise
you couldn't access the data you don't want to share.
I can't think of a valid argument against not sharing an entire
repository except David Woodhouse's bandwidth concern.
Of course what was wanted there was a test a limit to how far
back in the history you could look for a common commit, which
is something different.
In general it is much easier to guarantee that either a repository is
shared or it is not. Making a guarantee that objects that
"git-fsck-objects --unreachable --full" identifies will never be
downloaded is difficult, and probably not worth encouraging
people to do.
That said it is easy to keep the current behavior as an option,
so the security policy issue shouldn't limit the technical discussion.
Eric
next prev parent reply other threads:[~2006-05-25 18:01 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-24 7:51 [RFC][PATCH] Allow transfer of any valid sha1 Eric W. Biederman
2006-05-24 9:07 ` Junio C Hamano
2006-05-25 5:09 ` Eric W. Biederman
2006-05-25 6:36 ` Junio C Hamano
2006-05-25 17:00 ` Eric W. Biederman
2006-05-25 17:28 ` Linus Torvalds
2006-05-25 17:59 ` Eric W. Biederman [this message]
2006-05-25 18:28 ` Junio C Hamano
2006-05-25 18:36 ` Linus Torvalds
2006-05-25 20:30 ` Eric W. Biederman
2006-05-25 20:53 ` Junio C Hamano
2006-05-26 8:27 ` Eric W. Biederman
2006-05-26 10:04 ` Junio C Hamano
2006-05-26 17:32 ` Eric W. Biederman
2006-05-25 20:50 ` Eric W. Biederman
2006-05-25 21:04 ` Junio C Hamano
2006-05-26 8:32 ` Eric W. Biederman
2006-06-08 9:33 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1bqtmdly9.fsf@ebiederm.dsl.xmission.com \
--to=ebiederm@xmission.com \
--cc=git@vger.kernel.org \
--cc=junkio@cox.net \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox