On 17:23 Sat 10 May     , brian m. carlson wrote:
> I don't believe this is possible.  There has been some discussion on
> related matters at least fairly recently, though.
> Part of the reason nobody has implemented this is because it exposes
> additional security concerns.  If I create a commit that references an
> object I don't own, but is in someone else's repository, this feature
> could allow me to gain access to objects which I shouldn't have access
> to unless the authentication and permissions layer is very, very
> careful.  This would make many very simple HTTPS and SSH setups much
> more complex.  Alternates don't have this problem because they're done
> server-side.

If this were implemented service side and specified with, say, a config
option, would this security concern go away?

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to