[PATCH v3 1/1] snapshot: support tar signature for compressed tar
Jason A. Donenfeld
Jason at zx2c4.com
Wed Jun 27 18:34:56 CEST 2018
Hey Christian,
I've merged all the surrounding changes, but I'm not quite satisfied
with the implementation of this one.
> + for (f_tar = cgit_snapshot_formats; strcmp(f_tar->suffix, ".tar") != 0; f_tar++)
> + /* nothing */ ;
> +
> + } else if (starts_with(f->suffix, ".tar") && cgit_snapshot_get_sig(ref, f_tar)) {
> + strbuf_setlen(&filename, strlen(filename.buf) - strlen(f->suffix));
> + strbuf_addstr(&filename, ".tar.asc");
> + html(" (");
> + cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> + filename.buf);
> + html(")");
Can we, instead, _not_ special case .tar, but rather just allow for
all signatures, if the note .asc exists? We don't want to serve
arbitrary tarballs and archives, because this means load and bandwidth
for the server that wasn't explicitly opted in by the admin, but all
signatures are necessarily explicitly uploaded, so why restrict them
from being downloaded?
Regards,
Jason
More information about the CGit
mailing list