devblog
This commit is contained in:
Joey Hess
parent
2fb3722ce9
commit
6dd8d923d9
1 changed files with 13 additions and 0 deletions
13
doc/devblog/day_321__download_verification.mdwn
Normal file
13
doc/devblog/day_321__download_verification.mdwn
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
While at the DerbyCon security conference, I got to thinking about
|
||||||
|
verifying objects that git-annex downloads from remotes. This can be
|
||||||
|
expensive for big files, so git-annex has never done it at download time,
|
||||||
|
instead deferring it to fsck time. But, that is a divergence from git,
|
||||||
|
which always verifies checksums of objects it receives. So, it violates
|
||||||
|
least surprise for git-annex to not verify checksums too. And this could
|
||||||
|
weaken security in some use cases.
|
||||||
|
|
||||||
|
So, today I changed that. Now whenever git-annex accepts an object into
|
||||||
|
.git/annex/objects, it first verifies its checksum and size. I did add a
|
||||||
|
setting to disable that and get back the old behavior: `git config
|
||||||
|
annex.verify false`, and there's also a per-remote setting if you want to
|
||||||
|
verify content from some remotes but not others.
|
||||||
Loading…
Add table
Add a link
Reference in a new issue