On Fri, Feb 12, 2016 at 07:40:43PM -0600, Blake Burkhart wrote: > On Wed, Feb 10, 2016 at 3:49 PM, Jeff King <peff@xxxxxxxx> wrote: > >> 2. Servers that support resumable clone include a "resumable" > >> capability in the advertisement. > > > > Because the magic happens in the git protocol, that would mean this does > > not have to be limited to git-over-http. It could be "resumable=<url>" > > to point the client anywhere (the same server over a different protocol, > > another server, etc). > > I'd like to call this out as a possible security issue before it gets > implemented. Allowing the server to instruct the client what protocol > to use is a security risk. This sounds like a fine feature, just do it > carefully. Thanks for mentioning this. I agree it's a potential issue, and we should use the same solution as submodules, as you pointed out: > To address this GIT_ALLOW_PROTOCOL was introduced, and git-submodule > now uses it as of 33cfccb. This environment variable specifies a > default whitelist of protocols. Whoever implements this should > probably make use of GIT_ALLOW_PROTOCOL to limit resumable clones to > the same default whitelist that git-submodule now uses. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html