From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Wed, 27 Jun 2018 18:34:56 +0200
Subject: [PATCH v3 1/1] snapshot: support tar signature for compressed tar
In-Reply-To: <20180607193844.18784-1-list@eworm.de>
References: <20180607213645.4c5938ff@leda>
 <20180607193844.18784-1-list@eworm.de>
Message-ID: <CAHmME9rZSD_+6FJ06ziwOok9XWomzunuYoDQze5RWstvXs=hvg@mail.gmail.com>

Hey Christian,

I've merged all the surrounding changes, but I'm not quite satisfied
with the implementation of this one.

> +       for (f_tar = cgit_snapshot_formats; strcmp(f_tar->suffix, ".tar") != 0; f_tar++)
> +               /* nothing */ ;
> +
> +               } else if (starts_with(f->suffix, ".tar") && cgit_snapshot_get_sig(ref, f_tar)) {
> +                       strbuf_setlen(&filename, strlen(filename.buf) - strlen(f->suffix));
> +                       strbuf_addstr(&filename, ".tar.asc");
> +                       html(" (");
> +                       cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> +                                          filename.buf);
> +                       html(")");

Can we, instead, _not_ special case .tar, but rather just allow for
all signatures, if the note .asc exists? We don't want to serve
arbitrary tarballs and archives, because this means load and bandwidth
for the server that wasn't explicitly opted in by the admin, but all
signatures are necessarily explicitly uploaded, so why restrict them
from being downloaded?

Regards,
Jason