On Mon, Nov 26, 2012 at 8:24 PM, Pyeron, Jason J CTR (US) <jason.j.pyeron.ctr@xxxxxxxx> wrote: > I may need to be nudged in a better direction, but please try to understand my intentions. > > I am facing a situation where I would like to use git bundle but at the same time inspect the contents to prevent a spillage[1]. > > Given we have a public repository which was cloned on to a secret development repository. Now the developers do some work which should not be sensitive in any way and commit and push it to the secret repository. > > Now they want to release it out to the public. The current process is to review the text files to ensure that there is no "secret" sauce in there and then approve its release. This current process ignores the change tracking and all non-content is lost. > > > In this situation we should assume that the bundle does not have any content which is already in the public repository, that is it has the minimum data to make it pass a git bundle verify from the public repositories point of view. We would then take the bundle and pipe it though the "git-bundle2text" program which would result in a "human" inspectable format as opposed to the packed format[2]. The security reviewer would then see all the information being released and with the help of the public repository see how the data changes the repository. > > Am I barking up the right tree? Have you tried 'git fast-export'? The output is definitely not human inspectable, but should be relatively easy to parse to generate such a format. And instead of 'git bundle unbundle' you could use 'git fast-import'. or simply do the conversion in your script. Cheers. -- Felipe Contreras -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html