[PATCH v3 1/1] snapshot: support tar signature for compressed tar

[list at eworm.de (Christian Hesse)]

John Keeping <john at keeping.me.uk> on Wed, 2018/06/27 21:14:
> On Wed, Jun 27, 2018 at 06:34:56PM +0200, Jason A. Donenfeld wrote:
> > I've merged all the surrounding changes, but I'm not quite satisfied
> > with the implementation of this one.
> >   
> > > +       for (f_tar = cgit_snapshot_formats; strcmp(f_tar->suffix,
> > > ".tar") != 0; f_tar++)
> > > +               /* nothing */ ;
> > > +
> > > +               } else if (starts_with(f->suffix, ".tar") &&
> > > cgit_snapshot_get_sig(ref, f_tar)) {
> > > +                       strbuf_setlen(&filename, strlen(filename.buf) -
> > > strlen(f->suffix));
> > > +                       strbuf_addstr(&filename, ".tar.asc");
> > > +                       html(" (");
> > > +                       cgit_snapshot_link("sig", NULL, NULL, NULL,
> > > NULL,
> > > +                                          filename.buf);
> > > +                       html(")");  
> > 
> > Can we, instead, _not_ special case .tar, but rather just allow for
> > all signatures, if the note .asc exists? We don't want to serve
> > arbitrary tarballs and archives, because this means load and bandwidth
> > for the server that wasn't explicitly opted in by the admin, but all
> > signatures are necessarily explicitly uploaded, so why restrict them
> > from being downloaded?  
> 
> I'm not quite sure what you're asking here, this is just printing the
> signature link after the snapshow download link.
> 
> The idea here is that if you are downloading a .tar.gz then the
> signature for the base .tar is better (it's easier to consistently
> generate a .tar than it is a .tar.gz), so the admin will choose to
> provide .tar.asc instead of .tar.gz.asc.

John is right. Actually we do allow all signatures to be downloaded, but
choose where to show the tar signature downloads. Providing .tar.asc for .zip
ist pointless, no? :-p
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Best regards             my address:    */=0;b=c[a++];)
putchar(b-1/(/*    Chris            cc -ox -xc - && ./x    */b/42*2-3)*42);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20180702/c4c6caf8/attachment.asc>