| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Yesterday's SHA1 collision attack could be used to generate eg:
SHA256-sfoo--whatever.good
SHA256-sfoo--whatever.bad
Such that they collide. A repository with the good one could have the
bad one swapped in and signed commits would still verify.
I've already mitigated this.
|
| | |
|
| |
|
|
|
|
| |
This reverts commit d884cdfbed61fa451c54562711ab5a12f41a7f7a.
todo is not ready yet
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Even if annex.backends does not include a backend, that does not prevent
git-annex commands from acting on a file using the missing backend.
(There's really no reason at all for annex.backends to be a list.)
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I am not happy that I had to put backend-specific code in file2key. But
it would be very difficult to avoid this layering violation.
Most of the time, when parsing a Key from a symlink target, git-annex
never looks up its Backend at all, so adding this check to a method of
the Backend object would not work.
The Key could be made to contain the appropriate
Backend, but since Backend is parameterized on an "a" that is fixed to
the Annex monad later, that would need Key to change to "Key a".
The only way to clean this up that I can see would be to have the Key
contain a LowlevelBackend, and put the validation in LowlevelBackend.
Perhaps later, but that would be an extensive change, so let's not do
it in this commit which may want to cherry-pick to backports.
This commit was sponsored by Ethan Aubin.
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
could be used to embed data useful for a SHA1 attack against git.
Also todo about why this is important, and with some further hardening to
add.
This commit was sponsored by Ignacio on Patreon.
|
| |\ |
|
| | | |
|
| |/ |
|
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
| |
Didn't make --ignore-submodules without a value be handled because I can't
see a way to make optparse-applicative parse that. I've opened a bug
requesting a way to do that:
https://github.com/pcapriotti/optparse-applicative/issues/243
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Run curl with -S, so HTTP errors are displayed, even when
it's otherwise silent.
* When downloading in --json or --quiet mode, use curl in preference
to wget, since curl is able to display only errors to stderr, unlike
wget.
This does mean that downloadQuiet is only silent on stdout, not necessarily
on stderr, which affects a couple other calls of it. For example,
downloading the .git/config of a http remote may show an error message now,
perhaps with slightly suboptimal formatting due to other output.
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
This adds one extra line of output when a download is successful,
after the progress bar. I don't much like that, but wget does not provide a
way to show HTTP errors without it.
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also fixed the LsFiles parser to not assume its output has a fixed width
type field.
|
| |\ |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
I've seen this thing, whatever it is, mentioned in spam links before,
so even if it's valid for some OS (probably not the one being asked
about), it's verboten here.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
test suite.
The p2p code made it always be needed.
This commit was sponsored by Anthony DeRobertis on Patreon.
|
| | | |
|
| | | |
|
| | | |
|
Joey Hess
benjamin.poldrack@d09ccff6d42dd20277610b59867cf7462927b8e3
unicell@9c0b0afd4176d5933d4b5c41350ebe61488c1df0
lhunath@3b4ff15f4600f3276d1776a490b734fca0f5c245
jean.jordaan@4bb3bd508a9eb0a4bab5d1b587dadd2b6c4a7edc
db48x
andrew