On Wed, 3 Dec 2008, Giuseppe Bilotta wrote:
> On Wed, Dec 3, 2008 at 12:19 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>> Giuseppe Bilotta <giuseppe.bilotta@xxxxxxxxx> writes:
>>
>>> We thus create a new view that can be fed to git-am directly by exposing
>>> the output of git format-patch directly. This allows patch exchange and
>>> submission via gitweb. A hard limit (configurable, defaults to 100) is
>>> imposed on the number of commits which will be included in a patchset,
>>> to prevent DoS attacks on the server.
>>
>> Hmm, I would imagine that "snapshot" would be a much more effective way to
>> do such an attack, and notice the way we prevent it is to selectively
>> enable the feature per repository.
>>
>> Perhaps this configuration should also be a feature defined in %feature,
>> overridable by each repository? If you default it to "disabled" (as any
>> new feature typically does), you do not have to yank a random number such
>> as 100 out of thin air.
>
> I thought about it, but then I thought it was way too useful for
> single patches to disable the feature a priori. I'd rather make the
> default limit much smaller (like the original 16 commits I had in
> mind, or even less).

Perhaps %feature can be used to configure _maximum_ number of patches
in 'patch' / 'format_patch' view (gitweb_get_feature... well, sort of
as gitweb_check_feature would work too), rather than checking if it
is enabled or disabled?

-- 
Jakub Narebski
Poland
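An added example, not part of the thread and not gitweb's own code: a stand-alone Perl model of the suggestion above, where a %feature-style entry holds the maximum patchset size rather than an on/off flag. The `patches` key, `%repo_config`, `patch_limit` and `patch_request` are hypothetical names, the repository data is constructed, and clamping a repository's value to the site maximum is an assumption of this example.

```perl
#!/usr/bin/perl
# Added illustration, not gitweb source. All names here are hypothetical.
use strict;
use warnings;

# Site-wide policy in the style of a %feature entry:
# 'default' holds the maximum commits per patchset (0 = view disabled),
# 'override' says whether a repository may supply its own value.
our %feature = (
    'patches' => { 'default' => [16], 'override' => 1 },
);

# Constructed sample data standing in for per-repository configuration.
my %repo_config = (
    'small.git'  => { patches => 4 },
    'closed.git' => { patches => 0 },
    'greedy.git' => { patches => 100000 },
    'plain.git'  => {},
    'broken.git' => { patches => 'lots' },
);

# Effective limit for one repository. Assumption of this example: a
# repository may lower the limit or disable the view, but never raise it
# above the site value, so one repository cannot reopen the DoS window.
sub patch_limit {
    my ($repo) = @_;
    my $site = $feature{'patches'}{'default'}[0] // 0;
    return $site unless $feature{'patches'}{'override'};
    my $val = $repo_config{$repo}{'patches'};
    # Missing or non-numeric values fall back to the site limit.
    return $site unless defined $val && $val =~ /^\d+$/;
    return $val < $site ? $val : $site;
}

# Decide how a request for the patch view is answered (string for display).
sub patch_request {
    my ($repo, $range) = @_;
    my $limit = patch_limit($repo);
    return "403 patch view disabled" if $limit == 0;
    # The cap goes to the generator itself, so the server never formats
    # more than $limit commits whatever range the client asked for.
    return "git format-patch --stdout -$limit $range";
}

print "$_: ", patch_request($_, 'v1.0..master'), "\n"
    for sort keys %repo_config;
```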