Jeff King <peff@xxxxxxxx> writes: > Subject: [PATCH] daemon: turn on informative errors by default > > These are only a problem if you have a bunch of inaccessible > repositories served from the same root as your regular > exported repositories, and you are sensitive about people > learning about the existence of those repositories. > > Git is foremost an open system, and our defaults should > reflect that. > > Signed-off-by: Jeff King <peff@xxxxxxxx> I think the logic in the last paragraph is flawed. There is a difference between Git being an open system, and installations and users of Git being primarily people who work on open projects. Even though personally I wish there weren't. > But since it is a potential security issue, it does seem kind of mean to > closed sites to just flip the switch on them. It would have been a better split to have the 1/2 patch to support both informative and uninformative errors, with the default to say "access denied", and 2/2 to flip the default to be more open. Will queue as-is, though. > Documentation/git-daemon.txt | 6 +++--- > daemon.c | 2 +- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt > index ac57c6d..2b17175 100644 > --- a/Documentation/git-daemon.txt > +++ b/Documentation/git-daemon.txt > @@ -161,12 +161,12 @@ the facility of inet daemon to achieve the same before spawning > repository configuration. By default, all the services > are overridable. > > ---informative-errors:: > - Return more verbose errors to the client, differentiating > +--no-informative-errors:: > + By default, we return verbose errors to the client, differentiating > conditions like "no such repository" from "repository not > exported". This is more convenient for clients, but may leak > information about the existence of unexported repositories. > - Without this option, all errors report "access denied" to the > + With this option, all errors report "access denied" to the > client. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html