On 17:23 Sat 10 May , brian m. carlson wrote: > I don't believe this is possible. There has been some discussion on > related matters at least fairly recently, though. > > Part of the reason nobody has implemented this is because it exposes > additional security concerns. If I create a commit that references an > object I don't own, but is in someone else's repository, this feature > could allow me to gain access to objects which I shouldn't have access > to unless the authentication and permissions layer is very, very > careful. This would make many very simple HTTPS and SSH setups much > more complex. Alternates don't have this problem because they're done > server-side.
If this were implemented service side and specified with, say, a config option, would this security concern go away? -- milki -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
