git-commit-vandalism/contrib
Christian Couder e693237e2b list-objects-filter: disable 'sparse:path' filters
If someone wants to use as a filter a sparse file that is in the
repository, something like "--filter=sparse:oid=<ref>:<path>"
already works.

So 'sparse:path' is only interesting if the sparse file is not in
the repository. In this case though the current implementation has
a big security issue, as it makes it possible to ask the server to
read any file, like for example /etc/password, and to explore the
filesystem, as well as individual lines of files.

If someone is interested in using a sparse file that is not in the
repository as a filter, then at the minimum a config option, such
as "uploadpack.sparsePathFilter", should be implemented first to
restrict the directory from which the files specified by
'sparse:path' can be read.

For now though, let's just disable 'sparse:path' filters.

Helped-by: Matthew DeVore <matvore@google.com>
Helped-by: Jeff Hostetler <git@jeffhostetler.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-05-29 11:05:34 -07:00
..
buildsystems
coccinelle Merge branch 'nd/sha1-name-c-wo-the-repository' 2019-05-09 00:37:25 +09:00
completion list-objects-filter: disable 'sparse:path' filters 2019-05-29 11:05:34 -07:00
contacts
credential mingw: load system libraries the recommended way 2018-10-24 14:48:00 +09:00
diff-highlight diff-highlight: use correct /dev/null for UNIX and Windows 2019-05-09 12:18:44 +09:00
emacs git{,-blame}.el: remove old bitrotting Emacs code 2018-04-16 17:25:49 +09:00
examples Merge branch 'bw/c-plus-plus' into ds/lazy-load-trees 2018-04-11 10:46:32 +09:00
fast-import import-tars: read overlong names from pax extended header 2018-05-24 08:35:51 +09:00
git-jump contrib/git-jump/git-jump: jump to exact location 2018-06-22 12:59:02 -07:00
git-shell-commands
hg-to-git Replace Free Software Foundation address in license notices 2017-11-09 13:21:21 +09:00
hooks git-multimail: update to release 1.5.0 2019-01-07 11:56:09 -08:00
long-running-filter
mw-to-git mw-to-git/t9360: fix broken &&-chain 2018-07-31 11:23:23 -07:00
persistent-https
remote-helpers
stats
subtree contrib/subtree: ensure only one rev is provided 2019-03-12 17:38:03 +09:00
svn-fe
thunderbird-patch-inline
update-unicode unicode_width.h: rename to use dash in file name 2018-04-11 18:11:00 +09:00
vscode vscode: let cSpell work on commit messages, too 2018-07-30 13:14:39 -07:00
workdir
coverage-diff.sh contrib: add coverage-diff script 2018-10-10 10:11:35 +09:00
git-resurrect.sh
README
remotes2config.sh
rerere-train.sh

Contributed Software

Although these pieces are available as part of the official git
source tree, they are in somewhat different status.  The
intention is to keep interesting tools around git here, maybe
even experimental ones, to give users an easier access to them,
and to give tools wider exposure, so that they can be improved
faster.

I am not expecting to touch these myself that much.  As far as
my day-to-day operation is concerned, these subdirectories are
owned by their respective primary authors.  I am willing to help
if users of these components and the contrib/ subtree "owners"
have technical/design issues to resolve, but the initiative to
fix and/or enhance things _must_ be on the side of the subtree
owners.  IOW, I won't be actively looking for bugs and rooms for
enhancements in them as the git maintainer -- I may only do so
just as one of the users when I want to scratch my own itch.  If
you have patches to things in contrib/ area, the patch should be
first sent to the primary author, and then the primary author
should ack and forward it to me (git pull request is nicer).
This is the same way as how I have been treating gitk, and to a
lesser degree various foreign SCM interfaces, so you know the
drill.

I expect that things that start their life in the contrib/ area
to graduate out of contrib/ once they mature, either by becoming
projects on their own, or moving to the toplevel directory.  On
the other hand, I expect I'll be proposing removal of disused
and inactive ones from time to time.

If you have new things to add to this area, please first propose
it on the git mailing list, and after a list discussion proves
there are some general interests (it does not have to be a
list-wide consensus for a tool targeted to a relatively narrow
audience -- for example I do not work with projects whose
upstream is svn, so I have no use for git-svn myself, but it is
of general interest for people who need to interoperate with SVN
repositories in a way git-svn works better than git-svnimport),
submit a patch to create a subdirectory of contrib/ and put your
stuff there.

-jc