Re: git push over http is very dangerous

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Mon, 16 Apr 2007, Christian wrote:
>
> We have moved from CVS to git in the beginning of last week, all went well
> until this weekend. This weekend one developer wanted to push some of his
> local modifications, unfortunately during the push his http connection seemed
> to have broken or so. Unfortunately git does not prove if the push went well.
> Therefore our repository was broken this morning.

I have to agree: pushing over http really is dangerous. It's not 
*supposed* to be (it tries to update the refs only after it has uploaded 
all objects), but it fundamentally cannot do all the validity tests that 
the "real" git transfer processes do on the receiving side.

And I think git-http-push is pretty fundamentally broken anyway. It 
doesn't really seem to check for errors. So it doesn't do some of the 
checks it *could* do.

I would strongly suggest against http pushing (I'd suggest against pulling 
too, but at least you can't screw up too badly by just reading ;)

I'd also love it if somebody were to actually look into making 
http-pushing a bit safer. It really needs somebody who cares about it, or 
it should likely just be disabled entirely (perhaps with a config option 
that you have to enable to get it - so that people *realize* that it's not 
maintained and not really supported).

		Linus

-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]