On Wed, Aug 29, 2018 at 02:09:13PM -0700, Jonathan Nieder wrote:
> Jeff King wrote:
> > On Tue, Aug 28, 2018 at 02:35:25PM -0700, Stefan Beller wrote:
>
> >> Yeah, then let's just convert '/' with as little overhead as possible.
> >
> > Do you care about case-folding issues (e.g., submodules "FOO
On Wed, Aug 29, 2018 at 02:10:37PM -0700, Stefan Beller wrote:
> > Yes, that makes even the capitalized "CON" issues go away. It's not a
> > one-to-one mapping, though ("foo-" and "foo_" map to the same entity).
>
> foo_ would map to foo__, and foo- would map to something else.
> (foo- as we do n
On Wed, Aug 29, 2018 at 2:18 PM Jonathan Nieder wrote:
>
> Hi,
>
> Stefan Beller wrote:
>
> >> Yes, that makes even the capitalized "CON" issues go away. It's not a
> >> one-to-one mapping, though ("foo-" and "foo_" map to the same entity).
> >
> > foo_ would map to foo__, and foo- would map to so
On 08/29, Stefan Beller wrote:
> On Wed, Aug 29, 2018 at 2:09 PM Jonathan Nieder wrote:
> >
> > Jeff King wrote:
> > > On Tue, Aug 28, 2018 at 02:35:25PM -0700, Stefan Beller wrote:
> >
> > >> Yeah, then let's just convert '/' with as little overhead as possible.
> > >
> > > Do you care about case
Hi,
Stefan Beller wrote:
>> Yes, that makes even the capitalized "CON" issues go away. It's not a
>> one-to-one mapping, though ("foo-" and "foo_" map to the same entity).
>
> foo_ would map to foo__, and foo- would map to something else.
> (foo- as we do not rewrite dashes, yet?)
>
>> If we want
On Wed, Aug 29, 2018 at 2:09 PM Jonathan Nieder wrote:
>
> Jeff King wrote:
> > On Tue, Aug 28, 2018 at 02:35:25PM -0700, Stefan Beller wrote:
>
> >> Yeah, then let's just convert '/' with as little overhead as possible.
> >
> > Do you care about case-folding issues (e.g., submodules "FOO" and "fo
> Yes, that makes even the capitalized "CON" issues go away. It's not a
> one-to-one mapping, though ("foo-" and "foo_" map to the same entity).
foo_ would map to foo__, and foo- would map to something else.
(foo- as we do not rewrite dashes, yet?)
>
> If we want that, too, I think something like
Jeff King wrote:
> On Tue, Aug 28, 2018 at 02:35:25PM -0700, Stefan Beller wrote:
>> Yeah, then let's just convert '/' with as little overhead as possible.
>
> Do you care about case-folding issues (e.g., submodules "FOO" and "foo"
> colliding)?
>
> I'm OK if the answer is "no", but if you do want
On Wed, Aug 29, 2018 at 11:10:51AM -0700, Stefan Beller wrote:
> > Do you care about case-folding issues (e.g., submodules "FOO" and "foo"
> > colliding)?
>
> I do. :(
>
> 2d84f13dcb6 (config: fix case sensitive subsection names on writing,
> 2018-08-08)
> explains the latest episode of case fo
On Tue, Aug 28, 2018 at 10:25 PM Jeff King wrote:
>
> On Tue, Aug 28, 2018 at 02:35:25PM -0700, Stefan Beller wrote:
>
> > 3) (optional) instead of putting it all in modules/, use another
> >directory gitmodules/ for example. this will make sure we can tell
> >if a repository has been conv
On Tue, Aug 28, 2018 at 02:35:25PM -0700, Stefan Beller wrote:
> 3) (optional) instead of putting it all in modules/, use another
>directory gitmodules/ for example. this will make sure we can tell
>if a repository has been converted or is stuck with a setup of a
>current git.
I actua
> > > - echo "gitdir:
> > > ../../../.git/modules/sub3/modules/dirdir/subsub"
> > > >./sub3/dirdir/subsub/.git_expect
> > > + echo "gitdir:
> > > ../../../.git/modules/sub3/modules/dirdir%2fsubsub"
> > > >./sub3/dirdir/subsub/.git_expect
> >
> > One interesting thing about u
On 08/15, Jonathan Nieder wrote:
> Stefan Beller wrote:
> > Jonathan Nieder wrote:
>
> >> All at the cost of recording a little configuration somewhere. If we
> >> want to decrease the configuration, we can avoid recording it there in
> >> the easy cases (e.g. when name == gitdirname). That's "j
Jonathan Nieder writes:
> So it would be nice, for future-proofing, if we can change the naming
> scheme later.
> ...
> All at the cost of recording a little configuration somewhere. If we
> want to decrease the configuration, we can avoid recording it there in
> the easy cases (e.g. when name =
Stefan Beller wrote:
> Jonathan Nieder wrote:
>> All at the cost of recording a little configuration somewhere. If we
>> want to decrease the configuration, we can avoid recording it there in
>> the easy cases (e.g. when name == gitdirname). That's "just" an
>> optimization.
>
> Sounds good, but
> [...]
all good reasons; ship it :-)
> All at the cost of recording a little configuration somewhere. If we
> want to decrease the configuration, we can avoid recording it there in
> the easy cases (e.g. when name == gitdirname). That's "just" an
> optimization.
Sounds good, but gerrit for ex
Hi again,
Stefan Beller wrote:
> On Tue, Aug 14, 2018 at 2:12 PM Jonathan Nieder wrote:
>> What if we forbid directory separator characters in the gitdirname?
>
> Fine with me, but ideally we'd want to allow sharding the
> submodules. When you have 1000 submodules
> we'd want them not all inside
At 15:33 -0700 08 Aug 2018, Brandon Williams wrote:
Teach "submodule_name_to_gitdir()" to munge a submodule's name (by url
encoding it) before using it to build a path to the submodule's gitdir.
Seems like this will be a problem if it results in names that exceed
NAME_MAX? On common systems t
On Tue, Aug 14, 2018 at 2:12 PM Jonathan Nieder wrote:
>
> Hi,
>
> Stefan Beller wrote:
> > On Tue, Aug 14, 2018 at 11:57 AM Jonathan Nieder wrote:
>
> >> Second, what if we store the pathname in config? We already store the
> >> URL there:
> >>
> >> [submodule "plugins/hooks"]
> >>
Hi,
Stefan Beller wrote:
> On Tue, Aug 14, 2018 at 11:57 AM Jonathan Nieder wrote:
>> Second, what if we store the pathname in config? We already store the
>> URL there:
>>
>> [submodule "plugins/hooks"]
>> url = https://gerrit.googlesource.com/plugins/hooks
>>
>> So we
On Tue, Aug 14, 2018 at 11:57 AM Jonathan Nieder wrote:
>
> Hi,
>
> Brandon Williams wrote:
> > On 08/09, Jeff King wrote:
>
> >> One interesting thing about url-encoding is that it's not one-to-one.
> >> This case could also be %2F, which is a different file (on a
> >> case-sensitive filesystem).
On Tue, Aug 14, 2018 at 11:04:06AM -0700, Brandon Williams wrote:
> > I think this backwards-compatibility is necessary to avoid pain. But
> > until it goes away, I don't think this is helping the vulnerability from
> > 0383bbb901. Because there the issue was that the submodule name pointed
> > ba
Hi,
Brandon Williams wrote:
> On 08/09, Jeff King wrote:
>> One interesting thing about url-encoding is that it's not one-to-one.
>> This case could also be %2F, which is a different file (on a
>> case-sensitive filesystem). I think "%20" and "+" are similarly
>> interchangeable.
>>
>> If we were
On 08/09, Jeff King wrote:
> On Wed, Aug 08, 2018 at 03:33:23PM -0700, Brandon Williams wrote:
>
> > Commit 0383bbb901 (submodule-config: verify submodule names as paths,
> > 2018-04-30) introduced some checks to ensure that submodule names don't
> > include directory traversal components (e.g. ".
On Wed, Aug 08, 2018 at 03:33:23PM -0700, Brandon Williams wrote:
> Commit 0383bbb901 (submodule-config: verify submodule names as paths,
> 2018-04-30) introduced some checks to ensure that submodule names don't
> include directory traversal components (e.g. "../").
>
> This addresses the vulnera
Commit 0383bbb901 (submodule-config: verify submodule names as paths,
2018-04-30) introduced some checks to ensure that submodule names don't
include directory traversal components (e.g. "../").
This addresses the vulnerability identified in 0383bbb901 but the root
cause is that we use submodule n
26 matches
Mail list logo
