On Sat, Sep 21, 2019 at 05:32:03PM -0400, Jason Merrill wrote:
> On Sat, Sep 21, 2019 at 2:18 PM Segher Boessenkool
> <seg...@kernel.crashing.org> wrote:
> >
> > On Thu, Sep 19, 2019 at 03:29:27PM -0400, Jason Merrill wrote:
> > > I suppose we also need to decide what form we want to use for the
> > > equivalent of gcc.gnu.org/rNNNNN. I figure it needs to be some prefix
> > > followed by a "commit-ish" (hash, tag, etc.). Perhaps "g:" as the
> > > prefix, so
> > >
> > > gcc.gnu.org/g:HEAD
> > > gcc.gnu.org/g:gcc-9-branch
> > > gcc.gnu.org/g:3cf0d8938a953e
> >
> > Hrm, but we should probably not allow everything here, some things can
> > be expensive to compute (HEAD~123456 for example), and we don't want to
> > expose the reflog on the server (if there even is one), etc. OTOH
> > allowing pretty much everything here is a quite neat idea.
> >
> > What do we use for gitweb thing? That might have a solution for this
> > already. Currently we seem to use plain gitweb, maybe cgit or similar
> > would be nicer? It looks more modern, anyway :-P
>
> The current gitweb allows all of my examples with a bit longer URL, e.g.
>
> https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=3cf0d8938a953e
Yeah, they are all just refs, that should never be a problem.
> it doesn't seem to allow HEAD~1 or HEAD^. It does allow HEAD@{2}, but
> I don't see what the problem with that would be.
It is an O(n) amount of work for the web server. But not bigger than our
reflogs are, so that is fine if we run gc often enough (which we should
anyway, to keep a healthy fast repo).
This would be a much bigger problem for ~ because a) that isn't limited
in a similar way, and b) it is more expensive in any case (you have to
follow refs to get to the previous version, not simply go to the next
line in a file).
> I was figuring to just rewrite the /g: pattern into the appropriate
> query URL for the git web interface.
Yeah. I'm just cautious about the potential for DoS. But it looks to
be okay.
gitweb disallows some specific characters (and character sequences) here:
if ($input =~ m!(/\.|\.\.|[\000-\040\177 ~^:?*\[]|/$)!) {
return undef;
}
> I have no opinion about which web interface to use. Apparently there
> are many:
> https://git.wiki.kernel.org/index.php/Interfaces,_frontends,_and_tools#Web_Interfaces
Yes, and that is independent of the actual move to git; what we have now
will do for now, and OTOH the web thing can be changed already if we want
to do that.
I like that g: syntax btw.
Segher
