[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

Jason A. Donenfeld Jason at zx2c4.com
Sun Oct 28 21:40:35 CET 2012


On Sun, Oct 28, 2012 at 2:18 PM, Sebastian Andrzej Siewior
<sebastian at breakpoint.cc> wrote:
> If the snapshots are not enabled then the frontend won't show a link to it.
> The skilled user however may construct the URL on his own and the frontend
> will obey the request.
> This patch adds a check for this case so the requst won't be served.

What's the purpose of this? I kind of like just having tar.xz and zip
enabled on mine, and then for folks who need tar.gz (like for bsd pkg
managers), they can have the other link. That way UI clutter is
minimized while the functionality stays in tact.

"Disabling snapshots" as a security "feature" isn't really so valid either.




More information about the CGit mailing list