GNU bug report logs -
#68810
29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
Previous Next
Full log
Message #8 received at 68810 <at> debbugs.gnu.org (full text, mbox):
Lin Jian via "Bug reports for GNU Emacs, the Swiss army knife of text
editors" <bug-gnu-emacs <at> gnu.org> writes:
> Recommendation about setting transfer.fsckObjects of git to true can be
> found in admin/notes/git-workflow and CONTRIBUTE. In addition, it is
> set in autogen.sh.
>
> This is triggered by a discussion[1] on emacs-devel. The first commit
> about this is cedd7cad092809a97c1ed7fb883b68fa844cea58 on 2016-01-31.
> However, on 2016-02-04, another discussion[2] shows that git is secure
> by default so setting this option is not necessary.
>
> What about removing this unnecessary recommendation?
>
> By the way, the same recommendation can be found on Emacswiki[3][4].
>
> [1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
> [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29
> [3]: https://www.emacswiki.org/emacs/GitQuickStartForEmacsDevs
> [4]: https://www.emacswiki.org/emacs/GitForEmacsDevs
Are you sure? The git documentation says:
transfer.fsckObjects
When fetch.fsckObjects or receive.fsckObjects are not set, the value
of this variable is used instead. Defaults to false.
When set, the fetch or receive will abort in the case of a malformed
object or a link to a nonexistent object. In addition, various other
issues are checked for, including legacy issues (see fsck.<msg-id>),
and potential security issues like the existence of a .GIT directory
or a malicious .gitmodules file (see the release notes for v2.2.1
and v2.17.1 for details). Other sanity and security checks may be
added in future releases.
https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferfsckObjects
This bug report was last modified 1 year and 137 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.