On Wed, Dec 3, 2008 at 12:19 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Giuseppe Bilotta <giuseppe.bilotta@xxxxxxxxx> writes: > >> We thus create a new view that can be fed to git-am directly by exposing >> the output of git format-patch directly. This allows patch exchange and >> submission via gitweb. A hard limit (configurable, defaults to 100) is >> imposed on the number of commits which will be included in a patchset, >> to prevent DoS attacks on the server. > > Hmm, I would imagine that "snapshot" would be a much more effective way to > do such an attack, and notice the way we prevent it is to selectively > enable the feature per repository. > > Perhaps this configuration should also be a feature defined in %feature, > overridable by each repository? If you default it to "disabled" (as any > new feature typically does), you do not have to yank a random number such > as 100 out of thin air. I thought about it, but then I thought it was way too useful for single patches to disable the feature a priori. I'd rather make the default limit much smaller (like the original 16 commits I had in mind, or even less). -- Giuseppe "Oblomov" Bilotta -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
