Erik Broes <erikbroes@xxxxxxxx> writes: > This allows for example gitosis to allow use of 'git archive --remote' in a > controlled environment. > > Signed-off-by: Erik Broes <erikbroes@xxxxxxxx> > --- > > There were some questions on IRC raising (valid) concerns about security. > If there is a dangling commit on the remote end and any user would know > or guess the SHA, it could be retrieved where git-upload-pack will not > allow so. > > We were unable to find out if this was the original reason git-shell was > never extended with git-upload-archive functionality or if it was a simple > oversight. If it was the reason I'm not sure there is an easy way out. Can't the "security concern" be addressed by whatever creates the controlled environment (e.g. gitosis)? For example, git-daemon can be configured to service upload-archive request, so I do not think it is such a bad idea to make this available if the site owner wants to use it. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html