On 2009.04.11 12:22:54 -0700, Junio C Hamano wrote: > Erik Broes <erikbroes@xxxxxxxx> writes: > > > This allows for example gitosis to allow use of 'git archive --remote' in a > > controlled environment. > > > > Signed-off-by: Erik Broes <erikbroes@xxxxxxxx> > > --- > > > > There were some questions on IRC raising (valid) concerns about security. > > If there is a dangling commit on the remote end and any user would know > > or guess the SHA, it could be retrieved where git-upload-pack will not > > allow so. > > > > We were unable to find out if this was the original reason git-shell was > > never extended with git-upload-archive functionality or if it was a simple > > oversight. If it was the reason I'm not sure there is an easy way out. > > Can't the "security concern" be addressed by whatever creates the > controlled environment (e.g. gitosis)? For example, git-daemon can be > configured to service upload-archive request, so I do not think it is such > a bad idea to make this available if the site owner wants to use it. But what about users that just have their shell set to git-shell? IIRC around 1.6.0 we had some reports about broken setups because git-shell had been moved to libexec. So apparently there are such setups, and the change would weaken the restrictions for them. Hm? Björn -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html