Re: Feature Request: Check if commit is existent via http-protocol

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2019-11-13 at 13:14:00, Marius Raht wrote:
> Hi there,
> 
> for the development of a git client on a SAP System we need to make sure
> that a specific commit is existent in a specific branch. For that we have to
> ask the git server for the related information via the http protocol. There
> are two option from my point of view to achieve this:
> 
> 1) You can request a specific list of commits of a branch by index (e.g. "1
> to 30 <sha1 of branch>" would send the first 30 commits from the server to
> the client of the branch "master"
> 2) You send a request to the git server to verify that a specific commit is
> within a specific branch´and the response is something like "TRUE" or the
> sha1 of the branch the commit belongs to (branch of the time the commit was
> created).

I think there may be a misunderstanding of the design of the Git HTTP
protocol.  It's essentially a stateless version of the regular Git
protocol which provides data transport (and as a side effect, ref
discovery).  It isn't designed to be an API that can be queried
remotely, and so it intentionally supports an extremely limited set of
functionality.

Git supports a massive number of ways to query data, and there's just no
way to efficiently and securely support all of those methods natively
over an API.  In fact, some operations Git can perform are potentially
expensive, and exposing an API to perform those is a security problem
(due to DoS attacks).

Some of that functionality is available in various Git hosting solutions
through their own APIs, but as far as I'm aware, there aren't any which
perform this operation (which is essentially "git merge-base
--is-ancestor").  If you want this functionality in a particular
platform, I'd encourage you to reach out to the provider of that
platform to ask them if they'd implement it.  However, I don't think
we're likely to implement it in Git's HTTP protocol.

Other contributors are welcome to chime in if anything I said seems
incorrect or off base.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux