On Fri, Mar 11, 2011 at 10:48:22AM -0500, Jeff King wrote: > On Fri, Mar 11, 2011 at 07:41:14AM -0800, Shawn O. Pearce wrote: > > > Fair enough. Though I wouldn't limit this to bundles. Instead I would > > suggest supporting any valid Git URLs, and then extend our URL syntax > > to support bundles over http://, rsync://, and torrent. > > Sorry, I didn't mean to imply that it was limited to bundles. It would > support arbitrary URLs or schemes. See this thread for some past > discussion: Security pitfall: You need a way to restrict URL schemes that can be specified from the remote. Some URL schemes are wildly unsafe to use that way (or just don't make sense). The URL schemes where it is safe and makes sense are (at least): - git:// - ssh:// (and the scp syntax) - http:// - ftp:// - https:// - ftps:// - rsync:// - file:// (?) New capabilities perhaps? This would allow allowing it on per-remote-helper basis if that remote helper is deemed safe to be able to receive arbitrary URLs from untrusted sources. -Ilari -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html