On Wed, Jan 11, 2012 at 09:54:45PM -0500, Jeff King wrote: > On Wed, Jan 11, 2012 at 06:46:56PM -0800, Junio C Hamano wrote: > > > Carlos Martín Nieto <cmn@xxxxxxxx> writes: > > > > > The tightening done in (ee27ca4a: archive: don't let remote clients > > > get unreachable commits, 2011-11-17) went too far and disallowed > > > HEAD:Documentation as it would try to find "HEAD:Documentation" as a > > > ref. > > > > I do not think it went too far. Actually we discussed this exact issue > > when the topic was cooking, and saw no objections. The commit in question > > itself advertises this restriction. > > I think you and I discussed it off list (I originally took this off-list > because the original issue did have some security implications). So I > don't think people necessarily had a chance to object. Here is the only on-list discussion: http://article.gmane.org/gmane.comp.version-control.git/186366 Quoted below: >> * jk/maint-1.6.2-upload-archive (2011-11-21) 1 commit >> - archive: don't let remote clients get unreachable commits >> (this branch is used by jk/maint-upload-archive.) >> >> * jk/maint-upload-archive (2011-11-21) 1 commit >> - Merge branch 'jk/maint-1.6.2-upload-archive' into >> jk/maint-upload-archive >> (this branch uses jk/maint-1.6.2-upload-archive.) >> >> Will merge to 'next' after taking another look. > > Thanks. I also have some followup patches to re-loosen to at least > trees reachable from refs. Do you want to leave the tightening to > the maint track, and then consider the re-loosening for master? I was planning to first have the really tight version graduate to 'master' and ship it in 1.7.9, while possibly merging that to 1.7.8.X series. If we hear complaints from real users in the meantime before or after such releases, we could apply loosening patch on top of these topics and call them "regression fix", but I have been assuming that nobody would have been using this backdoor for anything that really matters. So now we have heard a complaint. :) -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html