On Wed, Jan 14, 2009 at 11:48:38AM +0100, Jan Engelhardt wrote: > This is much shorter than inet_ntop'ing, and also translated > unresolvable addresses into a string. Er, doesn't this totally change the meaning of REMOTE_ADDR from an IP address to a hostname? That seems bad because: - people already have hooks that compare REMOTE_ADDR against an address, so we are breaking their hooks - we are losing IP information in favor of hostname information; since (I assume) this is primarily intended for IP-based access control, we are adding an extra layer of indirection in the middle of our security model (i.e., I used to have to spoof an IP to fool your hook, but now I can do that _or_ spoof DNS). So at the very least, you should be adding REMOTE_HOST in _addition_ to REMOTE_ADDR, not instead of. But that still leaves one final concern, which is that some git-daemon admins might not want to pay the cost for a reverse lookup for every request. It's extra network traffic, and adds extra latency to the process (but I don't personally run git-daemon, and I don't know whether big sites like kernel.org actually care about this). -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html