On Mon, Mar 02, 2009 at 11:55:51PM -0800, Junio C Hamano wrote: > As with the previous "git init --remote" patch, my design constraints > includes keeping the door open for "git shell" users to optionally allow > this mode of operation. OK, I thought your original comment was "I don't think this constraint (thinking only of normal shell users) is right, but here is a patch anyway". Which did leave me confused, since it seemed like your patch did not cater just to such users. But I see now what you meant. However, if you are thinking of "git shell" users, then is it not a potential security problem to allow them to create new repositories without the admin explicitly enabling it? If a site is depending on hooks in existing repositories to implement some kind of policy, then isn't this a way to bypass it (not to make changes in those existing repos, obviously, but let's say there is a policy about how disk usage is counted). Even if it isn't a security issue, it might simply be broken. Shawn has said that Gerrit needs extra magic when creating a repository, and I wouldn't be surprised if github and repo.or.cz were the same. With your patch, what switch should a Gerrit admin flip to prevent people from creating broken repos? What about places that might simply want to put some policy in place, like kernel.org having all linux repos point to Linus as alternates? -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
