On Tue, Dec 18, 2018 at 10:28:27AM +0100, Ævar Arnfjörð Bjarmason wrote:

> I.e. have a repo with "master" and a "root-password" branch, where the
> "root-password" branch has content that's irresistible to "git repack"
> for delta purposes, do we end up sending the "root-password" content
> over on a fetch even when that branch isn't advertised & forbidden?
>
> Or, if that fails are there ways to make it work? E.g. using hidden/* in
> combination with delta islands?

Delta islands wouldn't generally help here. They only tell us not to store on-disk deltas that fetching clients aren't likely to be able to reuse (i.e., they want X but will generally not have Y, so don't make a delta there).

In the attacks I mentioned in my previous email, the deltas would usually be computed on the fly for each fetch. So the lack of on-disk deltas across "security boundaries" wouldn't help.

You could disable on-the-fly delta compression, but the resulting packs are much larger (and you'd think it would save some server CPU, but experiments I've done show that it helps a lot less than you'd think, since we often end up zlib-deflating more bytes).

-Peff
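The size cost of turning off on-the-fly delta compression, as mentioned in the message above, can be measured on a throwaway repository. This is an added example, not part of the original email or of git's own code. It assumes `git pack-objects --all --stdout` as a stand-in for the pack a server builds on a fetch, `--window=0` as the way to skip delta search, and a constructed file history.

```shell
#!/bin/sh
# Added example: compare the pack generated for a fetch-like request with and
# without on-the-fly delta search. All repository content is constructed.
set -e

# Build a throwaway repo whose history holds five near-identical versions of
# one file; objects stay loose, so no on-disk deltas exist to be reused.
make_repo() {
    repo=$(mktemp -d)
    git init -q "$repo"
    i=0
    while [ "$i" -lt 3000 ]; do
        echo "constructed sample line $i"
        i=$((i + 1))
    done > "$repo/data.txt"
    for v in 1 2 3 4 5; do
        echo "revision $v" >> "$repo/data.txt"
        git -C "$repo" add data.txt
        git -C "$repo" -c user.name=example -c user.email=example@example.invalid \
            commit -q -m "revision $v"
    done
    echo "$repo"
}

# Print the byte size of a pack of all reachable objects, built with the given
# delta window. A window of 0 makes pack-objects skip delta search entirely.
pack_bytes() {
    git -C "$1" pack-objects --all --stdout -q --window="$2" </dev/null \
        | wc -c | tr -d ' '
}

repo=$(make_repo)
with_deltas=$(pack_bytes "$repo" 10)    # 10 is git's default window
without_deltas=$(pack_bytes "$repo" 0)  # delta search disabled
echo "window=10: $with_deltas bytes, window=0: $without_deltas bytes"
rm -rf "$repo"
```

On a server the same setting would come from the `pack.window` configuration value rather than a command-line flag; deltas already stored on disk can still be reused, which is the part delta islands address.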