On Fri, Sep 2, 2011 at 5:43 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > The "git fetch" command works in two phases. The remote side tells us what > objects are at the tip of the refs we are fetching from, and transfers the > objects missing from our side. After storing the objects in our repository, > we update our remote tracking branches to point at the updated tips of the > refs. > > A broken or malicious remote side could send a perfectly well-formed pack > data during the object transfer phase, but there is no guarantee that the > given data actually fill the gap between the objects we originally had and > the refs we are updating to. What about receive-pack? Does it have the same breakage? -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html