From: Junio C Hamano Date: Tue, 17 Jan 2017 23:19:10 +0000 (-0800) Subject: Merge branch 'mm/push-social-engineering-attack-doc' into maint X-Git-Tag: v2.11.1~25 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/f976c89a2028ab4661276c8ca40e003e89e01a38 Merge branch 'mm/push-social-engineering-attack-doc' into maint Doc update on fetching and pushing. * mm/push-social-engineering-attack-doc: doc: mention transfer data leaks in more places --- f976c89a2028ab4661276c8ca40e003e89e01a38 diff --cc Documentation/config.txt index febf95d6c6,780fbdf41c..9705b94b22 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@@ -2969,13 -2824,11 +2977,16 @@@ uploadpack.allowReachableSHA1InWant: Allow `upload-pack` to accept a fetch request that asks for an object that is reachable from any ref tip. However, note that calculating object reachability is computationally expensive. - Defaults to `false`. + Defaults to `false`. Even if this is false, a client may be able + to steal objects via the techniques described in the "SECURITY" + section of the linkgit:gitnamespaces[7] man page; it's best to + keep private data in a separate repository. +uploadpack.allowAnySHA1InWant:: + Allow `upload-pack` to accept a fetch request that asks for any + object at all. + Defaults to `false`. + uploadpack.keepAlive:: When `upload-pack` has started `pack-objects`, there may be a quiet period while `pack-objects` prepares the pack. Normally