On Thu, 15 Jun 2006, Junio C Hamano wrote:
>
> Alexander Litvinov <lan@xxxxxxxxxxxxx> writes:
>
> > Why does not git-checkout check if file content match name of the object ?
>
> Good point. We could do a few things:

I missed the original mail. What's the problem?

If this is about the remote end lying about the SHA1 name, it's a total non-issue for any of the native protocols, since the native protocols don't actually send SHA1 names at all, they just send the data (and we re-create the SHA1 name on receipt).

So there's no way to have the name of an object not match its content, unless you have actual corruption (which is for git-fsck-object to find, not something that should slow down any normal operation), or if you use one of the dumb protocols.

And if you use the dumb protocols, the data should probably be validated _there_ (by fetch(), rather than anywhere else). And for "rsync", you really don't have much choice apart from doing a full fsck, I suspect.

So I don't see the security issue, unless you don't trust the local filesystem, in which case nothing git can do matters at all..

		Linus
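The check the message above says belongs in the fetch path for dumb protocols, as an added example that is not part of the original mail and not git's own code: re-create the SHA-1 name from the received bytes of a loose object and compare it with the name the file was fetched under. The function names (`object_name`, `encode_loose`, `verify_loose`) are hypothetical and the sample contents are constructed.

```python
import hashlib
import zlib

KNOWN_TYPES = {"blob", "tree", "commit", "tag"}


def _framed(obj_type: str, payload: bytes) -> bytes:
    # Git hashes "<type> <size>\0" followed by the payload, not the bare content.
    return f"{obj_type} {len(payload)}".encode("ascii") + b"\x00" + payload


def object_name(obj_type: str, payload: bytes) -> str:
    """SHA-1 object name, re-created from the data alone."""
    return hashlib.sha1(_framed(obj_type, payload)).hexdigest()


def encode_loose(obj_type: str, payload: bytes) -> bytes:
    """Loose-object file body: the framed data, zlib-deflated."""
    return zlib.compress(_framed(obj_type, payload))


def verify_loose(claimed_name: str, raw: bytes) -> bool:
    """True only if a file fetched under claimed_name hashes to that name."""
    try:
        data = zlib.decompress(raw)
    except zlib.error:
        return False  # not a deflate stream at all
    header, sep, payload = data.partition(b"\x00")
    try:
        obj_type, size = header.decode("ascii").split(" ")
        well_formed = bool(sep) and obj_type in KNOWN_TYPES and int(size) == len(payload)
    except (UnicodeDecodeError, ValueError):
        return False  # malformed header
    return well_formed and hashlib.sha1(data).hexdigest() == claimed_name.lower()


if __name__ == "__main__":
    # Constructed sample: a peer serves different bytes under an honest object's name.
    name = object_name("blob", b"hello\n")
    print(name, verify_loose(name, encode_loose("blob", b"hello\n")))
    print(name, verify_loose(name, encode_loose("blob", b"hell0\n")))
```
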