unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed
* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
@ 2024-01-29 23:16 Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2024-01-30  0:39 ` Stefan Kangas
  0 siblings, 1 reply; 9+ messages in thread
From: Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-01-29 23:16 UTC (permalink / raw)
  To: 68810


Recommendation about setting transfer.fsckObjects of git to true can be
found in admin/notes/git-workflow and CONTRIBUTE.  In addition, it is
set in autogen.sh.

This is triggered by a discussion[1] on emacs-devel.  The first commit
about this is cedd7cad092809a97c1ed7fb883b68fa844cea58 on 2016-01-31.
However, on 2016-02-04, another discussion[2] shows that git is secure
by default so setting this option is not necessary.

What about removing this unnecessary recommendation?

By the way, the same recommendation can be found on Emacswiki[3][4].

[1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29
[3]: https://www.emacswiki.org/emacs/GitQuickStartForEmacsDevs
[4]: https://www.emacswiki.org/emacs/GitForEmacsDevs







^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-29 23:16 bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2024-01-30  0:39 ` Stefan Kangas
  2024-01-30 11:57   ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2024-01-30 12:27   ` Eli Zaretskii
  0 siblings, 2 replies; 9+ messages in thread
From: Stefan Kangas @ 2024-01-30  0:39 UTC (permalink / raw)
  To: Lin Jian, 68810

Lin Jian via "Bug reports for GNU Emacs, the Swiss army knife of text
editors" <bug-gnu-emacs@gnu.org> writes:

> Recommendation about setting transfer.fsckObjects of git to true can be
> found in admin/notes/git-workflow and CONTRIBUTE.  In addition, it is
> set in autogen.sh.
>
> This is triggered by a discussion[1] on emacs-devel.  The first commit
> about this is cedd7cad092809a97c1ed7fb883b68fa844cea58 on 2016-01-31.
> However, on 2016-02-04, another discussion[2] shows that git is secure
> by default so setting this option is not necessary.
>
> What about removing this unnecessary recommendation?
>
> By the way, the same recommendation can be found on Emacswiki[3][4].
>
> [1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
> [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29
> [3]: https://www.emacswiki.org/emacs/GitQuickStartForEmacsDevs
> [4]: https://www.emacswiki.org/emacs/GitForEmacsDevs

Are you sure?  The git documentation says:

    transfer.fsckObjects

    When fetch.fsckObjects or receive.fsckObjects are not set, the value
    of this variable is used instead. Defaults to false.

    When set, the fetch or receive will abort in the case of a malformed
    object or a link to a nonexistent object. In addition, various other
    issues are checked for, including legacy issues (see fsck.<msg-id>),
    and potential security issues like the existence of a .GIT directory
    or a malicious .gitmodules file (see the release notes for v2.2.1
    and v2.17.1 for details). Other sanity and security checks may be
    added in future releases.

https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferfsckObjects





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30  0:39 ` Stefan Kangas
@ 2024-01-30 11:57   ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2024-01-30 13:18     ` Eli Zaretskii
  2024-01-30 20:49     ` Stefan Kangas
  2024-01-30 12:27   ` Eli Zaretskii
  1 sibling, 2 replies; 9+ messages in thread
From: Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-01-30 11:57 UTC (permalink / raw)
  To: Stefan Kangas; +Cc: 68810


Stefan Kangas <stefankangas@gmail.com> writes:

> Are you sure?

I am no expert of git.  So I am not sure.

That being said, have you read those links in my report?  My point is
that the motivation of setting transfer.fsckObjects in [1], i.e.,
security, is made invalid in [2] because git is secure by default.
However, related commits are made before (and after) [2].

[1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30  0:39 ` Stefan Kangas
  2024-01-30 11:57   ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2024-01-30 12:27   ` Eli Zaretskii
  2024-01-30 13:48     ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  1 sibling, 1 reply; 9+ messages in thread
From: Eli Zaretskii @ 2024-01-30 12:27 UTC (permalink / raw)
  To: Stefan Kangas; +Cc: me, 68810

> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Mon, 29 Jan 2024 19:39:54 -0500
> 
> Lin Jian via "Bug reports for GNU Emacs, the Swiss army knife of text
> editors" <bug-gnu-emacs@gnu.org> writes:
> 
> > Recommendation about setting transfer.fsckObjects of git to true can be
> > found in admin/notes/git-workflow and CONTRIBUTE.  In addition, it is
> > set in autogen.sh.
> >
> > This is triggered by a discussion[1] on emacs-devel.  The first commit
> > about this is cedd7cad092809a97c1ed7fb883b68fa844cea58 on 2016-01-31.
> > However, on 2016-02-04, another discussion[2] shows that git is secure
> > by default so setting this option is not necessary.
> >
> > What about removing this unnecessary recommendation?
> >
> > By the way, the same recommendation can be found on Emacswiki[3][4].
> >
> > [1]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html
> > [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157#29
> > [3]: https://www.emacswiki.org/emacs/GitQuickStartForEmacsDevs
> > [4]: https://www.emacswiki.org/emacs/GitForEmacsDevs
> 
> Are you sure?  The git documentation says:
> 
>     transfer.fsckObjects
> 
>     When fetch.fsckObjects or receive.fsckObjects are not set, the value
>     of this variable is used instead. Defaults to false.
> 
>     When set, the fetch or receive will abort in the case of a malformed
>     object or a link to a nonexistent object. In addition, various other
>     issues are checked for, including legacy issues (see fsck.<msg-id>),
>     and potential security issues like the existence of a .GIT directory
>     or a malicious .gitmodules file (see the release notes for v2.2.1
>     and v2.17.1 for details). Other sanity and security checks may be
>     added in future releases.
> 
> https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferfsckObjects

And I have another question: does this setting cause any harm, or can
cause any harm in some situations?  IOW, what are the downsides of
using this setting?





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30 11:57   ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2024-01-30 13:18     ` Eli Zaretskii
  2024-01-30 13:53       ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2024-01-30 20:49     ` Stefan Kangas
  1 sibling, 1 reply; 9+ messages in thread
From: Eli Zaretskii @ 2024-01-30 13:18 UTC (permalink / raw)
  To: Lin Jian; +Cc: stefankangas, 68810

> Cc: 68810@debbugs.gnu.org
> Date: Tue, 30 Jan 2024 19:57:16 +0800
> From:  Lin Jian via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
> 
> 
> Stefan Kangas <stefankangas@gmail.com> writes:
> 
> > Are you sure?
> 
> I am no expert of git.  So I am not sure.
> 
> That being said, have you read those links in my report?  My point is
> that the motivation of setting transfer.fsckObjects in [1], i.e.,
> security, is made invalid in [2] because git is secure by default.

AFAIR, we added that setting because of real problems, not because of
some theoretical concerns.





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30 12:27   ` Eli Zaretskii
@ 2024-01-30 13:48     ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  0 siblings, 0 replies; 9+ messages in thread
From: Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-01-30 13:48 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: Stefan Kangas, 68810


Eli Zaretskii <eliz@gnu.org> writes:

> And I have another question: does this setting cause any harm, or can
> cause any harm in some situations?  IOW, what are the downsides of
> using this setting?

I am not aware of any downsides of using this setting.

My motivation is to remind Emacs developers that this setting is not
necessary.  How you deal with this unnecessary setting is up to you.  I
personally prefer upstream (git) default though.





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30 13:18     ` Eli Zaretskii
@ 2024-01-30 13:53       ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2024-01-30 14:22         ` Eli Zaretskii
  0 siblings, 1 reply; 9+ messages in thread
From: Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-01-30 13:53 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: stefankangas, 68810


Eli Zaretskii <eliz@gnu.org> writes:

> AFAIR, we added that setting because of real problems, not because of
> some theoretical concerns.

Both related content in git-workflow and commit messages of related
commits[1][2][3][4] point the motivation to only [5].

If there are indeed real problems I am not aware of, then my report is
not valid and I am sorry for the noise.

[1]: cedd7cad092809a97c1ed7fb883b68fa844cea58
[2]: d766ca8ff1e4ff1a30385508e1f456fad6bfe9f8
[3]: ee8b46699523cc1dea7b3d03e3cccff3d62cd847
[4]: f8bf1b35bf55ae1bb7703f86d3b526887f064b19
[5]: https://lists.gnu.org/r/emacs-devel/2016-01/msg01802.html





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30 13:53       ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2024-01-30 14:22         ` Eli Zaretskii
  0 siblings, 0 replies; 9+ messages in thread
From: Eli Zaretskii @ 2024-01-30 14:22 UTC (permalink / raw)
  To: Lin Jian; +Cc: stefankangas, 68810

> From: Lin Jian <me@linj.tech>
> Cc: stefankangas@gmail.com, 68810@debbugs.gnu.org
> Date: Tue, 30 Jan 2024 21:53:02 +0800
> 
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > AFAIR, we added that setting because of real problems, not because of
> > some theoretical concerns.
> 
> Both related content in git-workflow and commit messages of related
> commits[1][2][3][4] point the motivation to only [5].

AFAIR, there were problems with fetching from elpa.git at some point,
which would have been avoided if fsckObjects were used.





^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary
  2024-01-30 11:57   ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2024-01-30 13:18     ` Eli Zaretskii
@ 2024-01-30 20:49     ` Stefan Kangas
  1 sibling, 0 replies; 9+ messages in thread
From: Stefan Kangas @ 2024-01-30 20:49 UTC (permalink / raw)
  To: Lin Jian; +Cc: 68810

Lin Jian <me@linj.tech> writes:

> Stefan Kangas <stefankangas@gmail.com> writes:
>
>> Are you sure?
>
> I am no expert of git.  So I am not sure.
>
> That being said, have you read those links in my report?  My point is
> that the motivation of setting transfer.fsckObjects in [1], i.e.,
> security, is made invalid in [2] because git is secure by default.
> However, related commits are made before (and after) [2].

Yes, I read the links.  But I tend to trust the official documentation
more than some random opinions shared online, and the part I quoted says
that this setting _does_ enable some checks that would otherwise not be
done.





^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2024-01-30 20:49 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-29 23:16 bug#68810: 29.1; Recommending setting transfer.fsckObjects of git to true is not necessary Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-30  0:39 ` Stefan Kangas
2024-01-30 11:57   ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-30 13:18     ` Eli Zaretskii
2024-01-30 13:53       ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-01-30 14:22         ` Eli Zaretskii
2024-01-30 20:49     ` Stefan Kangas
2024-01-30 12:27   ` Eli Zaretskii
2024-01-30 13:48     ` Lin Jian via Bug reports for GNU Emacs, the Swiss army knife of text editors

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).