On Thu, Jan 30, 2020 at 8:21 AM Jeff King <peff@xxxxxxxx> wrote: > > On Wed, Jan 29, 2020 at 08:50:13PM +0100, Han-Wen Nienhuys wrote: > > > > That might be a good enough safety. I guess the next question would be, would > > > it be OK for reftable to ignore and entries under the refs/ dir if they happen > > > to appear there somehow? > > > > I propose to ignore refs/ if it is read-only, and fail if it is r/w. > > We're not going to look over the files under refs/ . If people > > actively try to shoot themselves in the foot, why would we stop them? > > I'm worried that playing games with permissions is going to lead to > confusing outcomes. There are reasons one might want a r/o refs/ > directory with the current system (e.g., you could have a repository on > a read-only mount). Or you might have a system which doesn't implement > the full POSIX permissions, and everything appears to be r/w by the > user. OK, so permissions are out. How about: HEAD - convincing enough for old versions to accept refs/ - a standard rwx directory reftable/ - a normal directory reftable-list - the list of tables reads/heads - a file containing "this repo uses reftables. Upgrade to git vXYZ" this would prevent people from erroneously creating normal branches. -- Han-Wen Nienhuys - Google Munich I work 80%. Don't expect answers from me on Fridays. -- Google Germany GmbH, Erika-Mann-Strasse 33, 80636 Munich Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
