On Mon, Feb 6, 2017 at 2:23 PM, Samuel Lijin <sxlijin@xxxxxxxxx> wrote:
> I'm just going to go ahead and split this off the git/git-scm.com
> issues thread since this is a distinct topic.
>
> On Mon, Feb 6, 2017 at 12:49 PM, Jeff King <peff@xxxxxxxx> wrote:
>> On Mon, Feb 06, 2017 at 05:18:03PM +0700, Duy Nguyen wrote:
>>
>>> On Mon, Feb 6, 2017 at 1:15 PM, Samuel Lijin <sxlijin@xxxxxxxxx> wrote:
>>> > # Irrelevant but someone should take a look
>>> >
>>> > 693
>>>
>>> To save people some time (and since i looked at it anyway), this is
>>> about whether "warning in tree xxx: contains zero-padded file modes:
>>> from fsck should be a warning or error. It is a warning now even
>>> though "git -c transfer.fsckobjects=true clone" treats it as an error.
>>> There are some discussions in the past [1] [2] about this.
>
> I think you forgot to link to [2] :p
>
>> The bug that caused the trees is long-fixed. There's a question of
>> how severity levels should be handled in transfer.fsckObjects. By
>> default it treats everything as a reason to reject the object. Dscho
>> added configurable levels a few versions ago. It may be a good idea to
>> tweak the defaults to something more permissive[1].
>>
>>> There's also a question "And I failed to find in the documentation if
>>> transfer.fsckobjects could be disabled per repository, can you confirm
>>> it's not possible for now ?"
>>
>> I don't know why it wouldn't be, though note that it won't override
>> the operation-specific {receive,fetch}.fsckObjects.
>>
>> -Peff
>>
>> [1] If we had a more permissive set of defaults, it would probably make
>> sense to turn on fsckObjects by default. Some of the checks are
>> security-relevant, like disallowing trees with ".GIT",
>> "../../etc/passwd", etc. Those _should_ be handled sanely by the
>> rest of Git, but it serves as a belt-and-suspenders check, and also
>> protects anybody with a buggy Git downstream from you.
>>
>> GitHub has had the feature turned on for ages, with a few caveats:
>>
>> - we loosened the zero-padded mode warning, because it was causing
>> too many false positives
>>
>> - we loosened the timezone checks for the same reason; we've seen
>> time zones that aren't exactly 4 characters before
>>
>> - we occasionally get complaints from people trying to push old
>> histories with bogus committer idents. Usually a missing name or
>> similar.
>>
>> So those are the ones we'd probably need to loosen off the bat, and
>> they're all pretty harmless. But it would be a potential irritating
>> regression for somebody if they have a history with other minor
>> flaws, and Git suddenly starts refusing to clone it.
>
> The linked issue on bugs.debian.org has seen activity recently, which
> is the main reason I mentioned it separately as still relevant:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743227
I take it back: last activity was in Feb 2016. >_<