From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Mon, 12 Aug 2013 13:05:18 -0600
Subject: RFE: download patch between arbitrary revisions
In-Reply-To: <20130806214035.GA30240@blizzard>
References: <51ABEF0F.3030909@kernel.org> <20130603184953.GK1072@serenity.lan>
 <20130613215810.GB29281@blizzard>
 <20130613222126.GC23890@serenity.lan>
 <20130616075655.GA27832@blizzard>
 <20130616101122.GA4676@serenity.lan>
 <20130616191818.GA13580@blizzard> <52014D31.1060907@kernel.org>
 <20130806214035.GA30240@blizzard>
Message-ID: <CAHmME9r7ywi_shy2s0rqhecD1e8toCZMvY+8AXxfpY_GwrU7pQ@mail.gmail.com>

This is a wonderful idea.

The sequence of patches provides a somewhat ridiculous way of
reassembling a git repository from cgit without using the proper http
clone endpoints; I wonder how long it will be before somebody winds up
(ab)using this for this purpose. A max-patches-per-request could
really help to prevent the DoS. On the otherhand, aren't there are a
few other endpoints that can cause similar DoS? If so, maybe we ought
to save max-patches-per-request for another commit that handles other
DoS cases too, and perhaps if we're lucky then be able to consolidate
them into one configuration setting at that point --
max-operations-per-request.

Anyway, go ahead and implement it --

    * /patch/ will support id2 param and return format-patch --stdout id1..id2
    * /diff/ will be unchanged
    * /diff/?raw=1 will spit out the raw output

Sound good?