git-commit-vandalism/gitweb
Georgios Kontaxis 0996dd3d6d gitweb: add "e-mail privacy" feature to redact e-mail addresses
Gitweb extracts content from the Git log and makes it accessible
over HTTP. As a result, e-mail addresses found in commits are
exposed to web crawlers and they may not respect robots.txt.
This can result in unsolicited messages.

Introduce an 'email-privacy' feature which redacts e-mail addresses
from the generated HTML content. Specifically, obscure addresses
retrieved from the the author/committer and comment sections of the
Git log. The feature is off by default.

This feature does not prevent someone from downloading the
unredacted commit log, e.g., by cloning the repository, and
extracting information from it. It aims to hinder the low-
effort, bulk collection of e-mail addresses by web crawlers.

Signed-off-by: Georgios Kontaxis <geko1702+commits@99rst.org>
Acked-by: Eric Wong <e@80x24.org>
Acked-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2021-04-08 15:54:26 -07:00
..
static
gitweb.perl gitweb: add "e-mail privacy" feature to redact e-mail addresses 2021-04-08 15:54:26 -07:00
INSTALL
Makefile
README

GIT web Interface
=================

From the git version 1.4.0 gitweb is bundled with git.


Build time gitweb configuration
-------------------------------
There are many configuration variables which affect building gitweb (among
others creating gitweb.cgi out of gitweb.perl by replacing placeholders such
as `++GIT_BINDIR++` by their build-time values).

Building and installing gitweb is described in gitweb's INSTALL file
(in 'gitweb/INSTALL').


Runtime gitweb configuration
----------------------------
Gitweb obtains configuration data from the following sources in the
following order:

1. built-in values (some set during build stage),
2. common system-wide configuration file (`GITWEB_CONFIG_COMMON`,
   defaults to '/etc/gitweb-common.conf'),
3. either per-instance configuration file (`GITWEB_CONFIG`, defaults to
   'gitweb_config.perl' in the same directory as the installed gitweb),
   or if it does not exists then system-wide configuration file
   (`GITWEB_CONFIG_SYSTEM`, defaults to '/etc/gitweb.conf').

Values obtained in later configuration files override values obtained earlier
in above sequence.

You can read defaults in system-wide GITWEB_CONFIG_SYSTEM from GITWEB_CONFIG
by adding

  read_config_file($GITWEB_CONFIG_SYSTEM);

at very beginning of per-instance GITWEB_CONFIG file.  In this case
settings in said per-instance file will override settings from
system-wide configuration file.  Note that read_config_file checks
itself that the $GITWEB_CONFIG_SYSTEM file exists.

The most notable thing that is not configurable at compile time are the
optional features, stored in the '%features' variable.

Ultimate description on how to reconfigure the default features setting
in your `GITWEB_CONFIG` or per-project in `project.git/config` can be found
as comments inside 'gitweb.cgi'.

See also gitweb.conf(5) manpage.


Web server configuration
------------------------
Gitweb can be run as CGI script, as legacy mod_perl application (using
ModPerl::Registry), and as FastCGI script.  You can find some simple examples
in "Example web server configuration" section in INSTALL file for gitweb (in
gitweb/INSTALL).

See "Webserver configuration" and "Advanced web server setup" sections in
gitweb(1) manpage.


AUTHORS
-------
Originally written by:
  Kay Sievers <kay.sievers@vrfy.org>

Any comment/question/concern to:
  Git mailing list <git@vger.kernel.org>