RFC: "refs only" restriction for snapshots
mricon at kernel.org
Mon Apr 24 21:52:26 CEST 2017
It would be nice to be able to restrict snapshots only to refs, both for
sanity and for potential security reasons. E.g. see the "Security"
My concern is mostly rogue crawlers that ignore robots.txt and try to
request tarballs for each commit they find (doing HEAD, which appears to
be enough to trigger full-blown response with tarball generation). At
least if snapshot links were only generated for refs, that would reduce
In the meantime, this is easy enough to restrict via the http server,
but this is not the best UX if links are listed, but clicking on them
results in an error message.
Perhaps some setting like "snapshots-refsonly: 0/1"
More information about the CGit