John Keeping <[email protected]> on Wed, 2018/06/27 21:14: > On Wed, Jun 27, 2018 at 06:34:56PM +0200, Jason A. Donenfeld wrote: > > I've merged all the surrounding changes, but I'm not quite satisfied > > with the implementation of this one. > > > > > + for (f_tar = cgit_snapshot_formats; strcmp(f_tar->suffix, > > > ".tar") != 0; f_tar++) > > > + /* nothing */ ; > > > + > > > + } else if (starts_with(f->suffix, ".tar") && > > > cgit_snapshot_get_sig(ref, f_tar)) { > > > + strbuf_setlen(&filename, strlen(filename.buf) - > > > strlen(f->suffix)); > > > + strbuf_addstr(&filename, ".tar.asc"); > > > + html(" ("); > > > + cgit_snapshot_link("sig", NULL, NULL, NULL, > > > NULL, > > > + filename.buf); > > > + html(")"); > > > > Can we, instead, _not_ special case .tar, but rather just allow for > > all signatures, if the note .asc exists? We don't want to serve > > arbitrary tarballs and archives, because this means load and bandwidth > > for the server that wasn't explicitly opted in by the admin, but all > > signatures are necessarily explicitly uploaded, so why restrict them > > from being downloaded? > > I'm not quite sure what you're asking here, this is just printing the > signature link after the snapshow download link. > > The idea here is that if you are downloading a .tar.gz then the > signature for the base .tar is better (it's easier to consistently > generate a .tar than it is a .tar.gz), so the admin will choose to > provide .tar.asc instead of .tar.gz.asc.
John is right. Actually we do allow all signatures to be downloaded, but
choose where to show the tar signature downloads. Providing .tar.asc for .zip
ist pointless, no? :-p
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
pgpyZNxI8rMBb.pgp
Description: OpenPGP digital signature
_______________________________________________ CGit mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/cgit
