On Mon, 2020-01-13 at 21:33 -0800, Kaushik Srenevasan wrote: > A feature that allowed such permanent replacement (say a > `git-blacklist` or a `git-replace --blacklist`) might work as > follows: > 1. Blacklisted objects are stored as references under a new namespace > -- `refs/blacklist`. > 2. The object loader unconditionally translates a blacklisted OID > into > the OID it’s been replaced with. > 3. The `+refs/blacklist/*:refs/blacklist/*` refspec is implicitly > always a part of fetch and push transactions. There are definitely some security implications here. I assume that there's a config on the client to trust the server's refs/blacklist/*, and that the documentation for this explains that it allows your repo to be messed with in quite dangerous ways. And on the server, I would expect that only privileged users could push to refs/blacklist/* To Elijah's point that this is related to partial clones and promisors, I think Kaushik's idea is subtly different in that it involves replacements, while promisors try to offer a seamless experience. I wonder whether Kaushik actually needs the replacement functionality? That is, would it be sufficient if every replaced file were replaced with the exact text "me caga en la leche" instead of a custom hand- crafted replacement? I guess it's a bit complicated because while that's a reasonable blob, it's not a valid commit. So maybe this mechanism would be limited to blobs. I thought about whether we could a different flavor of replacement for commits, but those generally have to be custom because they each have different parents. And if that would be sufficient, could promisors be used for this? I don't know how those interact with fsck and the other commands that you're worried about. Basically, the idea would be to use most of the existing promisor code, and then have a mode where instead of visiting the promisor, we just always return "me caga en la leche" (and this does not have its SHA checked, of course). This could work together with some sort refs/blacklist mechanism to enable the server to choose which objects the client replaces.
