bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to tru

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to tru

From:	Eli Zaretskii
Subject:	bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
Date:	Tue, 30 Jan 2024 14:27:07 +0200

> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Mon, 29 Jan 2024 19:39:54 -0500
> 
> Lin Jian via "Bug reports for GNU Emacs, the Swiss army knife of text
> editors" <bug-gnu-emacs@gnu.org> writes:
> 
> > Recommendation about setting transfer.fsckObjects of git to true can be
> > found in admin/notes/git-workflow and CONTRIBUTE.  In addition, it is
> > set in autogen.sh.
> >
> > This is triggered by a discussion[1] on emacs-devel.  The first commit
> > about this is cedd7cad092809a97c1ed7fb883b68fa844cea58 on 2016-01-31.
> > However, on 2016-02-04, another discussion[2] shows that git is secure
> > by default so setting this option is not necessary.
> >
> > What about removing this unnecessary recommendation?
> >
> > By the way, the same recommendation can be found on Emacswiki[3][4].
> >
> > [1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
> > [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29
> > [3]: https://www.emacswiki.org/emacs/GitQuickStartForEmacsDevs
> > [4]: https://www.emacswiki.org/emacs/GitForEmacsDevs
> 
> Are you sure?  The git documentation says:
> 
>     transfer.fsckObjects
> 
>     When fetch.fsckObjects or receive.fsckObjects are not set, the value
>     of this variable is used instead. Defaults to false.
> 
>     When set, the fetch or receive will abort in the case of a malformed
>     object or a link to a nonexistent object. In addition, various other
>     issues are checked for, including legacy issues (see fsck.<msg-id>),
>     and potential security issues like the existence of a .GIT directory
>     or a malicious .gitmodules file (see the release notes for v2.2.1
>     and v2.17.1 for details). Other sanity and security checks may be
>     added in future releases.
> 
> https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferfsckObjects

And I have another question: does this setting cause any harm, or can
cause any harm in some situations?  IOW, what are the downsides of
using this setting?

[Prev in Thread]

Current Thread

[Next in Thread]

bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Lin Jian, 2024/01/29
- bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Stefan Kangas, 2024/01/29
  - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Lin Jian, 2024/01/30
    - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Eli Zaretskii, 2024/01/30
    - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Lin Jian, 2024/01/30
    - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Eli Zaretskii, 2024/01/30
    - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Stefan Kangas, 2024/01/30
  - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Eli Zaretskii <=
    - bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary, Lin Jian, 2024/01/30

Prev by Date: bug#68668: 30.0.50; Invalid hash table test: tab-bar--auto-width-hash-test
Next by Date: bug#68687: [PATCH] Use text/org media type
Previous by thread: bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
Next by thread: bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
Index(es):
- Date
- Thread