Re: BUG REPORT: git clone of non-existent repository results in request for credentials

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I was afraid that was the reason. Oh well, at least we know why :-)

Thanks Ævar!

Best-F

> On Nov 11, 2018, at 9:00 AM, Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> wrote:
> 
> 
>> On Sun, Nov 11 2018, Federico Lucifredi wrote:
>> 
>> git clone of non-existent repository results in request for credentials
>> 
>> REPRODUCING:
>> sudo apt install git
>> git clone https://github.com/xorbit/LiFePo4owered-Pi.git    #this repo does not exist
>> 
>> Git will then prompt for username and password on Github.
>> 
>> I can see a valid data-leak concern (one could probe for private repository names in a brute-force fashion), but then again the UX impact is appalling. Chances of someone typing an invalid repo name are pretty high, and this error message has nothing to do with the actual error.
>> 
>> RESOLUTION:
>> The error message should indicate that the repository name does not exist.
> 
> This is a legitimate thing to complain about, but it has nothing to do
> with git itself maintained on this mailing list, but the response codes
> of specific git hosting websites. E.g. here's two issues for fixing this
> on GitLab:
> 
> https://gitlab.com/gitlab-org/gitlab-ce/issues/50201
> https://gitlab.com/gitlab-org/gitlab-ce/issues/50660
> 
> These hosting platforms are intentionally producing bad error messages
> to not leak information, as you note.
> 
> So I doubt it's something they'll ever change, the bug I have open with
> this on GitLab is to make this configurable for privately run instances.
> 




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux