From: Junio C Hamano <gitster@pobox.com>
To: Christian Couder <christian.couder@gmail.com>
Cc: git@vger.kernel.org, Patrick Steinhardt <ps@pks.im>,
Taylor Blau <me@ttaylorr.com>,
Karthik Nayak <karthik.188@gmail.com>,
Elijah Newren <newren@gmail.com>,
Christian Couder <chriscool@tuxfamily.org>
Subject: Re: [PATCH 14/16] promisor-remote: trust known remotes matching acceptFromServerUrl
Date: Tue, 31 Mar 2026 15:03:27 -0700 [thread overview]
Message-ID: <xmqq341fy7v4.fsf@gitster.g> (raw)
In-Reply-To: <CAP8UFD2vAK_khTkJMP4QBfhYA5iYVW5sfB3i-vnzhf71BvwQ=w@mail.gmail.com> (Christian Couder's message of "Fri, 27 Mar 2026 13:17:59 +0100")
Christian Couder <christian.couder@gmail.com> writes:
>> Between the first sentence and the second one, I think there needs
>> to be an explanation on what "trusted" means in this context. Is it
>> trusted so that the URL can feed random configuration variable=value
>> pairs for the client to blindly apply? Or is it trusted to do very
>> limited things that other remotes can do, and if so what are these
>> limited things? Without knowing that, the end-users cannot assess
>> the security implications of setting this option.
>
> Yeah, in the current version, the following is used, which is more explicit:
> ...
Do you mean by "the current version", the one you are preparing as
an updated iteration?
If so, let me mark the topic to be expecting a reroll. From the
reviews by Patrick, I am not sure if I should also add the usual
"(hopefully small and final)" in this case, not just yet, though.
Thanks.
next prev parent reply other threads:[~2026-03-31 22:03 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-23 8:05 [PATCH 00/16] Auto-configure advertised remotes via URL whitelist Christian Couder
2026-03-23 8:05 ` [PATCH 01/16] promisor-remote: try accepted remotes before others in get_direct() Christian Couder
2026-03-26 12:20 ` Patrick Steinhardt
2026-04-02 6:34 ` Christian Couder
2026-03-23 8:05 ` [PATCH 02/16] urlmatch: change 'allow_globs' arg to bool Christian Couder
2026-03-23 8:05 ` [PATCH 03/16] urlmatch: add url_is_valid_pattern() helper Christian Couder
2026-03-26 12:20 ` Patrick Steinhardt
2026-04-27 12:42 ` Christian Couder
2026-03-23 8:05 ` [PATCH 04/16] promisor-remote: clarify that a remote is ignored Christian Couder
2026-03-26 12:20 ` Patrick Steinhardt
2026-04-02 7:03 ` Christian Couder
2026-03-23 8:05 ` [PATCH 05/16] promisor-remote: refactor has_control_char() Christian Couder
2026-03-23 8:05 ` [PATCH 06/16] promisor-remote: refactor accept_from_server() Christian Couder
2026-03-23 8:05 ` [PATCH 07/16] promisor-remote: keep accepted promisor_info structs alive Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-03-23 8:05 ` [PATCH 08/16] promisor-remote: remove the 'accepted' strvec Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-02 6:59 ` Christian Couder
2026-03-23 8:05 ` [PATCH 09/16] promisor-remote: add 'local_name' to 'struct promisor_info' Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-27 12:42 ` Christian Couder
2026-03-23 8:05 ` [PATCH 10/16] promisor-remote: pass config entry to all_fields_match() directly Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-02 6:35 ` Christian Couder
2026-03-23 8:05 ` [PATCH 11/16] promisor-remote: refactor should_accept_remote() control flow Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-02 6:55 ` Christian Couder
2026-03-23 8:05 ` [PATCH 12/16] t5710: use proper file:// URIs for absolute paths Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-02 6:36 ` Christian Couder
2026-03-23 8:05 ` [PATCH 13/16] promisor-remote: introduce promisor.acceptFromServerUrl Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-27 12:44 ` Christian Couder
2026-03-23 8:05 ` [PATCH 14/16] promisor-remote: trust known remotes matching acceptFromServerUrl Christian Couder
2026-03-23 18:54 ` Junio C Hamano
2026-03-23 23:47 ` Junio C Hamano
2026-03-27 12:17 ` Christian Couder
2026-03-31 22:03 ` Junio C Hamano [this message]
2026-04-01 5:41 ` Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-27 12:45 ` Christian Couder
2026-03-23 8:05 ` [PATCH 15/16] promisor-remote: auto-configure unknown remotes Christian Couder
2026-03-26 12:21 ` Patrick Steinhardt
2026-04-27 12:44 ` Christian Couder
2026-03-23 8:05 ` [PATCH 16/16] doc: promisor: improve acceptFromServer entry Christian Couder
2026-03-26 12:21 ` [PATCH 00/16] Auto-configure advertised remotes via URL whitelist Patrick Steinhardt
2026-04-02 6:41 ` Christian Couder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq341fy7v4.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=chriscool@tuxfamily.org \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=karthik.188@gmail.com \
--cc=me@ttaylorr.com \
--cc=newren@gmail.com \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox