In looking at fsck-objects.c the only thing it tries to validate
about a commit is:
- the commit has a tree ("tree NNNNNN\n");
- the commit maybe has parent(s) ("parent NNNNN\n");
- the commit has "author ".
That's it.
Its OK for an author line to be completely corrupt and have no
timestamp, no name, no timezone. Or to have a timestamp such as
"bobthetalkingdog".
Its OK for a committer line to just plain not exist or to be
equally corrupt.
I'm thinking that can't be right. Shouldn't fsck-objects be doing
better checking on commits?
The reason I ask is I'm working on my (bastard) fast-import program
for Jon's Mozilla CVS -> GIT conversion effort and I'm taking the
author and committer lines blind from the Python code. If the
Python code gives me a bad line its going to go into the pack that
way, with that possibly resulting in a totally corrupt repository.
I hoped to apply the same verification that fsck-objects applies
but apparently it doesn't do anything. :-)
I'm willing to write some better validation in fsck-objects.c
and submit the patch if folks think we should do stronger checks
in there.
--
Shawn.
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html