Hello Thank you, but I don't understand the answer. If I mistakenly publish a tree that contains secrets and someone manages to fetch against it before I correct the mistake; how does the limitation to only fetch named references help me??? By the way: I don't use push. I'd be perfectly happy if just fetch supported SHA key references. BR / Klas On Mon, Apr 6, 2009 at 2:33 PM, Johannes Schindelin <Johannes.Schindelin@xxxxxx> wrote: > Hi, > > On Mon, 6 Apr 2009, Klas Lindberg wrote: > >> Is there a way to fetch based on SHA id's instead of named references? > > No, out of security concerns; imagine you included some proprietary > source code by mistake, and undo the damage by forcing a push with a > branch that does not have the incriminating code. Usually you do not > control the garbage-collection on the server, yet you still do not want > other people to fetch "by SHA-1". > > BTW this is really a strong reason not to use HTTP push in such > environments. > > Ciao, > Dscho > -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html