GNU bug report logs - #68810
29.1; Recommending setting transfer.fsckObjects of git to true is not necessary

Previous Next

Package: emacs;

Reported by: Lin Jian <me <at> linj.tech>

Date: Mon, 29 Jan 2024 23:30:02 UTC

Severity: wishlist

Found in version 29.1

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: me <at> linj.tech, 68810 <at> debbugs.gnu.org
Subject: bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
Date: Tue, 30 Jan 2024 14:27:07 +0200

> From: Stefan Kangas <stefankangas <at> gmail.com>
> Date: Mon, 29 Jan 2024 19:39:54 -0500
> 
> Lin Jian via "Bug reports for GNU Emacs, the Swiss army knife of text
> editors" <bug-gnu-emacs <at> gnu.org> writes:
> 
> > Recommendation about setting transfer.fsckObjects of git to true can be
> > found in admin/notes/git-workflow and CONTRIBUTE.  In addition, it is
> > set in autogen.sh.
> >
> > This is triggered by a discussion[1] on emacs-devel.  The first commit
> > about this is cedd7cad092809a97c1ed7fb883b68fa844cea58 on 2016-01-31.
> > However, on 2016-02-04, another discussion[2] shows that git is secure
> > by default so setting this option is not necessary.
> >
> > What about removing this unnecessary recommendation?
> >
> > By the way, the same recommendation can be found on Emacswiki[3][4].
> >
> > [1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
> > [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29
> > [3]: https://www.emacswiki.org/emacs/GitQuickStartForEmacsDevs
> > [4]: https://www.emacswiki.org/emacs/GitForEmacsDevs
> 
> Are you sure?  The git documentation says:
> 
>     transfer.fsckObjects
> 
>     When fetch.fsckObjects or receive.fsckObjects are not set, the value
>     of this variable is used instead. Defaults to false.
> 
>     When set, the fetch or receive will abort in the case of a malformed
>     object or a link to a nonexistent object. In addition, various other
>     issues are checked for, including legacy issues (see fsck.<msg-id>),
>     and potential security issues like the existence of a .GIT directory
>     or a malicious .gitmodules file (see the release notes for v2.2.1
>     and v2.17.1 for details). Other sanity and security checks may be
>     added in future releases.
> 
> https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferfsckObjects

And I have another question: does this setting cause any harm, or can
cause any harm in some situations?  IOW, what are the downsides of
using this setting?
This bug report was last modified 1 year and 137 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.