On 2024-05-13 at 19:00:14, lbdyck@xxxxxxxxx wrote: > I have to interject here that the git client doing a push must be fully > authenticated which implies to me that all the information required is > available to do so and allow the server repository to be updated. First of all, the authentication required to _create_ a repository need not be the same as to _read_ or _write_ a repository. It might require a totally different set of scopes or privileges to create a new repository, which many users will have avoided giving to their credentials for least-privilege reasons. Second, there's no standard API to perform that functionality, and the implementation varies widely on different forges. There are also people who don't use forges at all, or use tooling like gitolite[0] that handles this differently. Adding such functionality into the Git protocol requires intertwining that functionality and the services that provide it with the standard forge API, so it's likely to be very complex for forges to implement using the same functionality as Git uses currently. Third, we specifically try not to prioritize any individual piece of software or project here. Even if there are many common forges, we won't ship tooling that's specific to GitHub, GitLab, or Bitbucket, since that prioritizes those users over others. Since there's no standard API for this, we won't be adding any forge-specific functionality to Git. Even if we decided to implement a standard API for doing this, it doesn't mean that forges would adopt it. Many forges don't implement `git-archive` over SSH, for example, since it's hard to cache versus using HTTP. [0] gitolite actually allows you to create repositories by just pushing to them if you have permissions to do so in the configuration. -- brian m. carlson (they/them or he/him) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
