Hey Christian,
I've merged all the surrounding changes, but I'm not quite satisfied
with the implementation of this one.
> + for (f_tar = cgit_snapshot_formats; strcmp(f_tar->suffix, ".tar") !=
> 0; f_tar++)
> + /* nothing */ ;
> +
> + } else if (starts_with(f->suffix, ".tar") &&
> cgit_snapshot_get_sig(ref, f_tar)) {
> + strbuf_setlen(&filename, strlen(filename.buf) -
> strlen(f->suffix));
> + strbuf_addstr(&filename, ".tar.asc");
> + html(" (");
> + cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> + filename.buf);
> + html(")");
Can we, instead, _not_ special case .tar, but rather just allow for
all signatures, if the note .asc exists? We don't want to serve
arbitrary tarballs and archives, because this means load and bandwidth
for the server that wasn't explicitly opted in by the admin, but all
signatures are necessarily explicitly uploaded, so why restrict them
from being downloaded?
Regards,
Jason
_______________________________________________
CGit mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/cgit
