On 03/09/2014 10:57 PM, Julian Brost wrote:
On 07.03.2014 22:04, Jeff King wrote:
Yes, this is a well-known issue. The only safe operation on a
repository for which somebody else controls hooks and config is to
fetch from it (upload-pack on the remote repository does not
respect any dangerous
Julian Brost jul...@0x4a42.net writes:
On 07.03.2014 22:04, Jeff King wrote:
If you want to work on it, I think it's an interesting area. But
any development would need to think about the transition plan for
existing sites that will be broken.
I can understand the problem with backward
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07.03.2014 22:04, Jeff King wrote:
Yes, this is a well-known issue. The only safe operation on a
repository for which somebody else controls hooks and config is to
fetch from it (upload-pack on the remote repository does not
respect any
On Thu, Mar 06, 2014 at 10:47:43PM +0100, Julian Brost wrote:
I've noticed some behavior of git that might lead to some security
issues if the user is not aware of this.
Assume we have an evil user on a system, let's call him eve. He
prepares a repository where he allows other user to push
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I've noticed some behavior of git that might lead to some security
issues if the user is not aware of this.
Assume we have an evil user on a system, let's call him eve. He
prepares a repository where he allows other user to push changes to.
If
5 matches
Mail list logo