On Wed, 19 Aug 2020 16:17:36 -0400 Jeff King <peff@xxxxxxxx> wrote: > On Wed, Aug 19, 2020 at 12:09:11PM -0700, Junio C Hamano wrote: > > > "Randall S. Becker" <rsbecker@xxxxxxxxxxxxx> writes: > > > > > Just putting my CSIO hat on here. We would need a system-wide setting to > > > prohibit users from using this capability. > > > > Or just discard this patch, which is a lot simpler. I don't see any > > need for this one. > > Yes. Configurability is a lot more complicated than you might think. > Because it's not just system-wide, but _ecosystem_ wide. > > Right now git-fsck complains about ".git" appearing in a tree, and that > check blocks people from pushing such trees to any hosting sites that > enable transfer.fsckObjects (which includes hosters like GitHub). So > you'd not only need to allow the behavior to be loosened for all of the > people using the feature, but you'd need to convince server-side hosters > to loosen their config. And because part of the purpose is to protect > downstream clients from attacks, I doubt that public hosters like GitHub > would do so. I guess they can add a checkbox to their (secured) web-ui to configure this. > It _could_ still be useful in a more isolated environment (e.g., your > company server that is serving only internal repos to employees). But I > have misgivings about a feature that lets people intentionally create > repositories whose history cannot ever interact with other users who > haven't set a special config flag. It's one thing to say "to take > advantage of this feature, we must all agree to have version X, or set > flag Y". But it's another to bake that restriction into the repository > history for all time. Good point. I don't know how we can resolve this, so I will add warning about this (and the security concerns) to the config docs. In the worst-case where the hosting sites don't adopt this config, the user enables and uses this feature despite the warnings and then wants to use a hosting site, he can still rewrite the history. Not nice, but no disaster either. Regards, Lukas Straub > > -Peff
Attachment:
pgpFcijVez3mC.pgp
Description: OpenPGP digital signature
