Re: Submodules can't work recursively because Git implements policy?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 06, 2009 at 03:42:31PM +0200, Klas Lindberg wrote:
> On Mon, Apr 6, 2009 at 3:16 PM, Finn Arne Gangstad <finnag@xxxxxxx> wrote:
> 
> > git submodule update just does "git fetch" and hopes that the required
> > commit appears. In practice this means that you (may) need to invent a
> > tag or a branch for all the submodules, otherwise they are not
> > fetchable.
> >
> > This bit us pretty hard when we tried to use submodules earlier, so we
> > gave up. Maybe some day...
> 
> It "hopes" to find them?

Perhaps "hopes" is a loaded word, "expects" at least. The code just
does the equivalent of "git fetch; git checkout <sha-1> || die .. "

>  This is actually my other reason for bringing
> the whole SHA key fetching thing up. From what I can see, it is not
> possible to implement submodules sensibly without support for fetching
> SHA keys. I.e. I want fetch, checkout and every other command to
> recurse as needed in the presence of submodules. This limitation
> forces me to implement a whole CM tool where none should be necessary.

Yes, I could not agree more.  You may also end up writing some really
complicated wrappers around git push to get things going (where do you
push, for example). We made some interesting "concept art" around this
last year at $dayjob, but decided to drop it.

> It appears to me that the security concern (being able to hide commits
> by making them unreachable from a named reference) is actually a
> policy decision and not a technical one. On what grounds does Git
> decide for me how to handle security concerns? It just seems more
> important to be able to have recursive submodule behaviour than to
> provide band aid for careless users.

Maybe the security concerns could be handled by adding some
functionality to (quickly) get rid of unwanted commits?

> Out of curiosity: Is it really possible to change the value of an
> already pushed tag? Can you only do the hiding trick with branches?

Yes, but if you modify a tag, you get additional complications. In
particular, no one will ever try to refetch the tag, so everyone who
has already fetched it will have a permanently broken tag.

- Finn Arne
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]