[Note to readers who haven't been following the recent thread on upload-archive bugs: these security issues are in c09cd77e, which has not actually been released. So this is "security problems, and we need fixes before this ships in 1.7.8" and not "OMG your git site is 0wned"]. Looking at Erik's c09cd77e again, there are some serious security problems, in that we are too lenient with what gets passed to git-archive, which is not hardened to accept random client arguments. That lets a client do all sorts of nasty things like running arbitrary code. These patches fix it by making cmd_archive handle the remote-request flag better. An alternative would be to pass only known-good options through upload-archive. That might be more future-proof, but also involves upload-archive knowing about the innards of write_archive and its options. See also the comments in patch 2/2 for another alternative fix. [1/2]: archive: don't allow negation of --remote-request [2/2]: archive: limit ourselves during remote requests And yes, I feel like a moron for not noticing these problems during my initial review. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html