Re: [PATCH] diff-options: document default similarity index
On Fri, Jul 05, 2013 at 02:00:40AM -0700, Junio C Hamano wrote: > Fraser Tweedale writes: > > > The default similarity index of 50% is documented in gitdiffcore(7) > > but it is worth also mentioning it in the description of the > > -M/--find-renames option. > > Is it? I am not sure if it is worth it. The -M description goes on at some length to explain how to specify a particular value. Surely a brief mention of the default value is also warranted, especially since the pointer to gitdiffcore(7) for a more detailed explanation of the options appears quite a way below. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] diff-options: document default similarity index
The default similarity index of 50% is documented in gitdiffcore(7) but it is worth also mentioning it in the description of the -M/--find-renames option. Signed-off-by: Fraser Tweedale --- Documentation/diff-options.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/diff-options.txt b/Documentation/diff-options.txt index a85288f..d6e4db4 100644 --- a/Documentation/diff-options.txt +++ b/Documentation/diff-options.txt @@ -333,7 +333,7 @@ endif::git-log[] a fraction, with a decimal point before it. I.e., `-M5` becomes 0.5, and is thus the same as `-M50%`. Similarly, `-M05` is the same as `-M5%`. To limit detection to exact renames, use - `-M100%`. + `-M100%`. The default similarity index is 50%. -C[]:: --find-copies[=]:: -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] documentation: add git transport security notice
The fact that the git transport does not do any authentication is
easily overlooked. For example, DNS poisoning may result in
fetching from somewhere that was not intended.
Add a brief security notice to the "GIT URLS" section of the
documentation stating that the git transport should be used with
caution on unsecured networks.
Signed-off-by: Fraser Tweedale
---
Documentation/urls.txt | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/urls.txt b/Documentation/urls.txt
index 60ba300..9c8f524 100644
--- a/Documentation/urls.txt
+++ b/Documentation/urls.txt
@@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for
fetching
and pushing, but these are inefficient and deprecated; do not use
them).
+The git transport does not do any authentication and should be used
+with caution on unsecured networks.
+
The following syntaxes may be used with them:
- ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] documentation: add git transport security notice
The fact that the git transport does not do any authentication is
easily overlooked. For example, DNS poisoning may result in
fetching from somewhere that was not intended.
Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
with caution on unsecured networks.
Signed-off-by: Fraser Tweedale
---
Documentation/urls.txt | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/urls.txt b/Documentation/urls.txt
index 3ca122f..b58a647 100644
--- a/Documentation/urls.txt
+++ b/Documentation/urls.txt
@@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for
fetching
and pushing, but these are inefficient and deprecated; do not use
them).
+The git transport does not do any authentication and should be used
+with caution on unsecured networks.
+
The following syntaxes may be used with them:
- ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] documentation: add git transport security notice
On Mon, Jun 24, 2013 at 09:24:29AM -0700, Junio C Hamano wrote: > Fraser Tweedale writes: > > > The fact that the git transport has no end-to-end security is easily > > overlooked. Add a brief security notice to the "GIT URLS" section > > of the documentation stating that the git transport should be used > > with caution on unsecured networks. > > > > Signed-off-by: Fraser Tweedale > > --- > > Documentation/urls.txt | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/Documentation/urls.txt b/Documentation/urls.txt > > index 3ca122f..c218af5 100644 > > --- a/Documentation/urls.txt > > +++ b/Documentation/urls.txt > > @@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used > > for fetching > > and pushing, but these are inefficient and deprecated; do not use > > them). > > > > +The git protocol provides no end-to-end security and should be used > > +with caution on unsecured networks. > > Is this necessary? > > I thought we already say the git protocol does not even authenticate > elsewhere in the document, and if not, I think it is a sensible > thing to say here. And once it is done, I doubt it is necessary to > bring up a narrower concept such as "end-to-end security" which > requires a lot more than authentication. > Certainly in this part of the documentation there is no mention of (lack of) authentication or security concerns. git-daemon(1) does mention the lack of authentication in the SERVICES/receive-pack section. Once you are aware that the git transport is insecure it seems obvious in hindsight, but even as a security-minded person I simply overlooked this until recently. A brief note in the GIT URLS section (which is included in the man pages for a number of essential commands) would have brought this to my attention much sooner. Junio, do you prefer the following more generic wording? If so I will re-roll the patch (also note s/protocol/transport/ which is more appropriate, I think). The git transport is insecure and should be used with caution on unsecured networks. > The only thing git protocol ensures is that the receiving end > validates that what is fetched from an unknown server, and what is > pushed by an unknown pusher, is internally consistent. > > If you allowed a push over the git protocol by enabling the > receive-pack service in "git daemon" (not recommended), you may > allow anonymous users to delete branches and to do other funky > things unless you protect your repository with pre-receive hook, but > that won't corrupt the repository (of course, deleting all the refs > may make the repository an empty but not corrupt one, which is just > as unusable as a corrupt one, so there may not be a huge practical > difference). If you fetched from an unauthenticated server, > possibly with MITM, over the git protocol, you may end up getting > something you did not ask for, but the resulting history in your > repository would still be internally consistent (the commits may be > malicious ones, of course, but that is what signed tags are there to > protect you against). -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] documentation: fix asterisks in fetch-options
Right you are. I missed that; apologies for the noise.
Fraser
On Mon, Jun 24, 2013 at 01:35:13PM +0200, Thomas Rast wrote:
> Fraser Tweedale writes:
>
> > diff --git a/Documentation/fetch-options.txt
> > b/Documentation/fetch-options.txt
> > index 9cb6496..f2ac3bc 100644
> > --- a/Documentation/fetch-options.txt
> > +++ b/Documentation/fetch-options.txt
> > @@ -61,11 +61,12 @@ endif::git-pull[]
> > ifndef::git-pull[]
> > -t::
> > --tags::
> > - This is a short-hand for giving "refs/tags/*:refs/tags/*"
> > - refspec from the command line, to ask all tags to be fetched
> > - and stored locally. Because this acts as an explicit
> > - refspec, the default refspecs (configured with the
> > - remote.$name.fetch variable) are overridden and not used.
> > + This is a short-hand for giving
> > + "refs/tags/{asterisk}:refs/tags/{asterisk}" refspec from the
> > + command line, to ask all tags to be fetched and stored
> > + locally. Because this acts as an explicit refspec, the
> > + default refspecs (configured with the remote.$name.fetch
> > + variable) are overridden and not used.
>
> Wasn't this already fixed by 9eb4754 (fetch-options.txt: prevent a
> wildcard refspec from getting misformatted, 2013-06-07), currently in
> master?
>
> --
> Thomas Rast
> trast@{inf,student}.ethz.ch
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] documentation: fix asterisks in fetch-options
Fix refspec asterisks in the -t/--tags section of the fetch-options
documentation.
Signed-off-by: Fraser Tweedale
---
Documentation/fetch-options.txt | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/Documentation/fetch-options.txt b/Documentation/fetch-options.txt
index 9cb6496..f2ac3bc 100644
--- a/Documentation/fetch-options.txt
+++ b/Documentation/fetch-options.txt
@@ -61,11 +61,12 @@ endif::git-pull[]
ifndef::git-pull[]
-t::
--tags::
- This is a short-hand for giving "refs/tags/*:refs/tags/*"
- refspec from the command line, to ask all tags to be fetched
- and stored locally. Because this acts as an explicit
- refspec, the default refspecs (configured with the
- remote.$name.fetch variable) are overridden and not used.
+ This is a short-hand for giving
+ "refs/tags/{asterisk}:refs/tags/{asterisk}" refspec from the
+ command line, to ask all tags to be fetched and stored
+ locally. Because this acts as an explicit refspec, the
+ default refspecs (configured with the remote.$name.fetch
+ variable) are overridden and not used.
--recurse-submodules[=yes|on-demand|no]::
This option controls if and under what conditions new commits of
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] diff-options: document default similarity index
The default similarity index of 50% is documented in gitdiffcore(7) but it is worth also mentioning it in the description of the -M/--find-renames option. Signed-off-by: Fraser Tweedale --- Documentation/diff-options.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/diff-options.txt b/Documentation/diff-options.txt index b8a9b86..69bb3a6 100644 --- a/Documentation/diff-options.txt +++ b/Documentation/diff-options.txt @@ -333,7 +333,7 @@ endif::git-log[] a fraction, with a decimal point before it. I.e., `-M5` becomes 0.5, and is thus the same as `-M50%`. Similarly, `-M05` is the same as `-M5%`. To limit detection to exact renames, use - `-M100%`. + `-M100%`. The default similarity index is 50%. -C[]:: --find-copies[=]:: -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] documentation: add git transport security notice
The fact that the git transport has no end-to-end security is easily
overlooked. Add a brief security notice to the "GIT URLS" section
of the documentation stating that the git transport should be used
with caution on unsecured networks.
Signed-off-by: Fraser Tweedale
---
Documentation/urls.txt | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/urls.txt b/Documentation/urls.txt
index 3ca122f..c218af5 100644
--- a/Documentation/urls.txt
+++ b/Documentation/urls.txt
@@ -11,6 +11,9 @@ and ftps can be used for fetching and rsync can be used for
fetching
and pushing, but these are inefficient and deprecated; do not use
them).
+The git protocol provides no end-to-end security and should be used
+with caution on unsecured networks.
+
The following syntaxes may be used with them:
- ssh://{startsb}user@{endsb}host.xz{startsb}:port{endsb}/path/to/repo.git/
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] push: fix segfault when HEAD points nowhere
When reporting the outcome of a push, a segfault occurs if HEAD does
not point somewhere. Check that HEAD points somewhere before trying
to strcmp it.
Signed-off-by: Fraser Tweedale
---
transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/transport.c b/transport.c
index 9932f40..b9306ef 100644
--- a/transport.c
+++ b/transport.c
@@ -741,7 +741,7 @@ void transport_print_push_status(const char *dest, struct
ref *refs,
n += print_one_push_status(ref, dest, n, porcelain);
if (ref->status == REF_STATUS_REJECT_NONFASTFORWARD &&
*nonfastforward != NON_FF_HEAD) {
- if (!strcmp(head, ref->name))
+ if (head != NULL && !strcmp(head, ref->name))
*nonfastforward = NON_FF_HEAD;
else
*nonfastforward = NON_FF_OTHER;
--
1.8.1.1
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
