Hi, On Thu, 24 May 2007, Sven Verdoolaege wrote: > On Thu, May 24, 2007 at 03:29:45AM -0400, Shawn O. Pearce wrote: > > Why? Their configuration is their configuration. Who knows what > > they have stored there. Look at the recent cvsserver config options, > > there's now a lot of information about the SQL database that backs > > cvsserver. That stuff shouldn't be public. > > For http:// or rsync:// it's public already; for ssh://, if you are > allowed to access the git repo, you can read the config as well; for > git://, we can dump a predefined selection of configuration variables. I sanitized a once-public repo, which was _not_ updated via http-push (in which case you'd not see a meaningful config anyway), where the permissions prevented the config from being read. > > If you want to publish something for a client to fetch, it should be > > done by publishing a Git object referenced by a proper ref: blob, > > tree, commit, tag, take your pick. > > You mean like a tag "submodules" that points to a text file > describing the submodules? > That's a bit of a pain to set up since you would want that > to be independent of your project. I could imagine this to be another extension of ls-remote. Ciao, Dscho - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
