From mboxrd@z Thu Jan 1 00:00:00 1970 From: mricon at kernel.org (Konstantin Ryabitsev) Date: Wed, 21 Mar 2018 10:03:11 -0400 Subject: RFC: snapshot tarball information in refs/notes/snapshots In-Reply-To: References: <20180320212336.GA19694@work> Message-ID: <20180321140311.GA10698@work> On Wed, Mar 21, 2018 at 09:38:02AM -0300, Jason A. Donenfeld wrote: >That sounds like a potentially good idea. Though it does point to the >larger question: should notes be used in general for configuring more >parts of cgit in an ad-hoc manner? Is there a useful generalization of >this mechanism we should consider? We already have four different >configuration mechanisms (cgitrc global, cgitrc local, >.git/config/[gitweb], .git/config/[cgit]). The advantage of this one >is that it's configurable from git itself, which makes it quite >convenient. On the other hand, should it be too general, there are >security concerns to consider. Yeah, it's something I would entirely welcome, because it would allow people to control a lot of aspects for which we use various kludges right now. Perhaps a subset of repo settings, like: repo.*-sort repo.defbranch repo.desc repo.ignore repo.hide repo.logo* repo.owner repo.readme repo.snapshots The latter only to specify a subset of snapshots allowed globally, or to turn them off entirely. E.g. if global cgitrc allows "tar.gz zip" then the repo can only use either of those or "none", but not add anything not in global. Basically, everything that affects how the repository is presented, but not how it's processed. Definitely not filters nor things that would significantly impact server performance should they be turned on. It would be easy to load and parse refs/notes/cgitrc, and the security implications shouldn't be much different than loading the same from gitconfig. Best, -K