Simon Ruderich <simon@xxxxxxxxxxxx> writes: > Did you consider Stefan Beller's suggestion regarding a > (white)list of allowed versions? > > On Mon, Sep 18, 2017 at 01:06:59PM -0700, Stefan Beller wrote: >> Thinking about this, how about: >> >> If not configured, we do as we want. (i.e. Git has full control over >> it's decision making process, which for now is "favor v0 over v1 as >> we are experimenting with v1". This strategy may change in the future >> to "prefer highest version number that both client and server can speak".) >> >> If it is configured, "use highest configured number from the given set". >> >> ? > > It would also allow the server operator to configure only a > specific set of versions (to handle the "version x is > insecure/slow"-issue raised by Stefan Beller). The current code > always uses the latest protocol supported by the git binary. If we do anything less trivial than "highest supported by both" (and I suspect we want to in the final production version), I'd prefer the configuration to list versions one side supports in decreasing order of preference (e.g. "v3 v0 v2"), and take the earliest from this list that both sides know how to talk, so that we can skip insecure versions altogether by omitting, and we can express that we would rather avoid talking expensive versions unless there is no other version that is understood by the other side.
