Tom Preston-Werner, Sat, Nov 01, 2008 04:35:20 +0100: > Maybe this is worth asking the question: does anybody use git-daemon > for private code? If so, why are they not using SSH instead? And in > that case, how are informative error messages a security risk? Yes. I use both in my private network, with only ssh open to the internet. git-daemon is smaller and faster (started from inetd). And I'm absolutely sure wont ever accidentally push something in the mirrored repos. I never had the error reporting problem in this setup, though. It is a fully controled environment and I can just look in syslog. I support the original reason for not doing the errors, BTW. It cannot be on by default. Heh, try the patch for your private repos and private repos of your employer, who can sack you for exposing confidential information, and open them to internet. Than come back and tell us how safe you feel :) -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
