I've written a really simple TCP git daemon that normally listens on 
port "DEFAULT_GIT_PORT" aka 9418. It waits for a connection, and will just 
execute "git-upload-pack" when it gets one.

It's actually a bit more careful than that, in that there's a magic 
request-line that gives the command and what directory to upload, and it 
verifies that the directory is ok.

In particular, it verifies that the directory has the magic file
"git-daemon-export-ok", and it will refuse to export any git directory 
that hasn't explicitly been marked for export this way.

What I'd ask people to check is how comfortable for example 
would be to have one machine that runs this kind of service? I've tried 
very hard to set it up so that it doesn't have any security issues: the 
daemon can be run as "nobody", and it shouldn't ever even write to any 
files, although I guess we should do a full check of that.

In fact, it doesn't even really accept any user input except for the list
of SHA1's that you give the upload which denote the "I have these" list. 
So I really think it should be hard to fool into doing anything bad, and 
the code isn't _that_ complicated, but hey, it's a daemon. They're always 
buggy, and there are always security issues.

Anyway, this would be a _wonderful_ interface for read-only updates, ie 
people pulling from my (and other peoples) git repositories.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to