Sean Whitton writes ("Re: Bug#1117924: git-debpush accessibility check can be
defeated by insteadOf"):
> On Sun 12 Oct 2025 at 03:26pm +01, Ian Jackson wrote:
> > Open questions: (i) should this involve pushInsteadOf or insteadOf
> > or both? (ii) is there a way to implement this by calling git,
> > other than by reimplementing git's algorithm?
>
> My notes say:
>
> 'git remote get-url --push origin' will expand insteadOf and
> pushInsteadOf for us.
>
> For a plain URL that is not a named remote, there is a way to expand
> insteadOf, but not pushInsteadOf (or at least there wasn't in 2019).
> But I don't think this limitation affects us as git-debpush is always
> using named remotes.
This is all very well, but my analysis demands that we do the
resolution one step at a time so that we can spot intermediate values.
I guess we could use this as a sanity check that we're not doing
something utterly mad at the end...
> > Contrary to Sean's opinion, I think this is also a reasononable
> > configuration. One reason to do this rather than pushInsteadOf is
> > that it switches authentication for read-only accesses from the X.509
> > TLS cabal, to ssh.
>
> Not contrary to my opinion -- I was suggesting pushInsteadOf as a quick
> fix, and agree that using SSH all the time is reasonable.
Oh, sorry for the misunderstanding.
Ian.
--
Ian Jackson <[email protected]> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
