From: Junio C Hamano <gitster@pobox.com>
To: Derrick Stolee <derrickstolee@github.com>
Cc: Derrick Stolee via GitGitGadget <gitgitgadget@gmail.com>,
git@vger.kernel.org, me@ttaylorr.com, newren@gmail.com,
avarab@gmail.com, dyroneteng@gmail.com,
Johannes.Schindelin@gmx.de
Subject: Re: [PATCH 1/6] docs: document bundle URI standard
Date: Wed, 08 Jun 2022 13:44:39 -0700 [thread overview]
Message-ID: <xmqqfskeriko.fsf@gitster.g> (raw)
In-Reply-To: <xmqqo7z3q7lm.fsf@gitster.g> (Junio C. Hamano's message of "Wed, 08 Jun 2022 12:27:01 -0700")
Junio C Hamano <gitster@pobox.com> writes:
> Derrick Stolee <derrickstolee@github.com> writes:
>
>>> How does a client tell which one it got? Do we register mimetype
>>> with iana to use for these two types of files, and have the HTTP
>>> downloader to use the information?
>>
>> My implementation is much dumber than that: it first attempts to
>> parse the file as a bundle (looking for a bundle header) and then
>> attempts to parse it as a config file after that. If neither
>> succeed, then an error is thrown.
>
> I think that is probably the best implementation after all.
>
> We cannot trust what the other side tells us. "They claimed that
> this is a bundle file and not a table-of-contents, and it does look
> like one, but it may be corrupt or even malicious file that may look
> like a bundle file on surface, so let's carefully examine it" ought
> to be the attitude the receiving side has towards the incoming data.
With the above, I do not mean that this new mechanism must be more
paranoia than we already are.
$ git fetch bootstrap.bndl refs/*:refs/bundle/bootstrap/*
should already have sensible error checking, and we should use the
available mechanism. But there of course are places the new feature
should be careful in its new code, for example, we may want to
unbundle all these bundles in quarantined area until we resolve all
the prerequisite objects and then move them out of the quarantine,
for example, if the new feature rolls its own code to unbundle
instead of invoking "git fetch" on it. Even if it spawns "git fetch"
on it, it may have to choose the parameters carefully (e.g. the refmap
would want to avoid clobbering our own ref namespace, which you plan
to do).
next prev parent reply other threads:[~2022-06-08 20:44 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-06 19:55 [PATCH 0/6] bundle URIs: design doc and initial git fetch --bundle-uri implementation Derrick Stolee via GitGitGadget
2022-06-06 19:55 ` [PATCH 1/6] docs: document bundle URI standard Derrick Stolee via GitGitGadget
2022-06-06 22:18 ` Junio C Hamano
2022-06-08 19:20 ` Derrick Stolee
2022-06-08 19:27 ` Junio C Hamano
2022-06-08 20:44 ` Junio C Hamano [this message]
2022-06-08 20:39 ` Junio C Hamano
2022-06-08 20:52 ` Derrick Stolee
2022-06-07 0:33 ` Junio C Hamano
2022-06-08 19:46 ` Derrick Stolee
2022-06-08 21:01 ` Junio C Hamano
2022-06-09 16:00 ` Derrick Stolee
2022-06-09 17:56 ` Junio C Hamano
2022-06-09 18:27 ` Ævar Arnfjörð Bjarmason
2022-06-09 19:39 ` Derrick Stolee
2022-06-09 20:13 ` Junio C Hamano
2022-06-21 19:34 ` Derrick Stolee
2022-06-21 20:16 ` Junio C Hamano
2022-06-21 21:10 ` Derrick Stolee
2022-06-21 21:33 ` Junio C Hamano
2022-06-06 19:55 ` [PATCH 2/6] remote-curl: add 'get' capability Derrick Stolee via GitGitGadget
2022-07-21 22:59 ` Junio C Hamano
2022-06-06 19:55 ` [PATCH 3/6] bundle-uri: create basic file-copy logic Derrick Stolee via GitGitGadget
2022-06-06 19:55 ` [PATCH 4/6] fetch: add --bundle-uri option Derrick Stolee via GitGitGadget
2022-06-06 19:55 ` [PATCH 5/6] bundle-uri: add support for http(s):// and file:// Derrick Stolee via GitGitGadget
2022-06-06 19:55 ` [PATCH 6/6] fetch: add 'refs/bundle/' to log.excludeDecoration Derrick Stolee via GitGitGadget
2022-06-29 20:40 ` [PATCH v2 0/6] bundle URIs: design doc and initial git fetch --bundle-uri implementation Derrick Stolee via GitGitGadget
2022-06-29 20:40 ` [PATCH v2 1/6] docs: document bundle URI standard Derrick Stolee via GitGitGadget
2022-07-18 9:20 ` SZEDER Gábor
2022-07-21 12:09 ` Matthew John Cheetham
2022-07-22 13:52 ` Derrick Stolee
2022-07-22 16:03 ` Derrick Stolee
2022-07-21 21:39 ` Josh Steadmon
2022-07-22 13:15 ` Derrick Stolee
2022-07-22 15:01 ` Derrick Stolee
2022-06-29 20:40 ` [PATCH v2 2/6] remote-curl: add 'get' capability Derrick Stolee via GitGitGadget
2022-07-21 21:41 ` Josh Steadmon
2022-06-29 20:40 ` [PATCH v2 3/6] bundle-uri: create basic file-copy logic Derrick Stolee via GitGitGadget
2022-07-21 21:45 ` Josh Steadmon
2022-07-22 13:18 ` Derrick Stolee
2022-06-29 20:40 ` [PATCH v2 4/6] fetch: add --bundle-uri option Derrick Stolee via GitGitGadget
2022-06-29 20:40 ` [PATCH v2 5/6] bundle-uri: add support for http(s):// and file:// Derrick Stolee via GitGitGadget
2022-06-29 20:40 ` [PATCH v2 6/6] fetch: add 'refs/bundle/' to log.excludeDecoration Derrick Stolee via GitGitGadget
2022-07-21 21:47 ` Josh Steadmon
2022-07-22 13:20 ` Derrick Stolee
2022-07-21 21:48 ` [PATCH v2 0/6] bundle URIs: design doc and initial git fetch --bundle-uri implementation Josh Steadmon
2022-07-21 21:56 ` Junio C Hamano
2022-07-25 13:53 ` [PATCH v3 0/2] " Derrick Stolee via GitGitGadget
2022-07-25 13:53 ` [PATCH v3 1/2] docs: document bundle URI standard Derrick Stolee via GitGitGadget
2022-07-28 1:23 ` tenglong.tl
2022-08-01 13:42 ` Derrick Stolee
2022-07-25 13:53 ` [PATCH v3 2/2] bundle-uri: add example bundle organization Derrick Stolee via GitGitGadget
2022-08-04 16:09 ` Matthew John Cheetham
2022-08-04 17:39 ` Derrick Stolee
2022-08-04 20:29 ` Ævar Arnfjörð Bjarmason
2022-08-05 18:29 ` Derrick Stolee
2022-07-25 20:05 ` [PATCH v3 0/2] bundle URIs: design doc and initial git fetch --bundle-uri implementation Josh Steadmon
2022-08-09 13:12 ` [PATCH v4 0/2] bundle URIs: design doc Derrick Stolee via GitGitGadget
2022-08-09 13:12 ` [PATCH v4 1/2] docs: document bundle URI standard Derrick Stolee via GitGitGadget
2022-10-04 19:48 ` Philip Oakley
2022-08-09 13:12 ` [PATCH v4 2/2] bundle-uri: add example bundle organization Derrick Stolee via GitGitGadget
2022-08-09 13:49 ` [PATCH v4 0/2] bundle URIs: design doc Phillip Wood
2022-08-09 15:50 ` Derrick Stolee
2022-08-11 15:42 ` Phillip Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqfskeriko.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=avarab@gmail.com \
--cc=derrickstolee@github.com \
--cc=dyroneteng@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=me@ttaylorr.com \
--cc=newren@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).