From d0b1ecf464eaebbe944cec9d98ba29f9b0cdb968 Mon Sep 17 00:00:00 2001 From: Ilya_Shlyakhter Date: Tue, 3 May 2022 19:36:10 +0000 Subject: [PATCH] Added a comment: should import follow symlinks? --- ..._2_e74c71a5574a8e99503ac83a27d48533._comment | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 doc/bugs/git-annex-import_imports_outside_of_directory/comment_2_e74c71a5574a8e99503ac83a27d48533._comment diff --git a/doc/bugs/git-annex-import_imports_outside_of_directory/comment_2_e74c71a5574a8e99503ac83a27d48533._comment b/doc/bugs/git-annex-import_imports_outside_of_directory/comment_2_e74c71a5574a8e99503ac83a27d48533._comment new file mode 100644 index 0000000000..b27d15a896 --- /dev/null +++ b/doc/bugs/git-annex-import_imports_outside_of_directory/comment_2_e74c71a5574a8e99503ac83a27d48533._comment @@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="Ilya_Shlyakhter" + avatar="http://cdn.libravatar.org/avatar/1647044369aa7747829c38b9dcc84df0" + subject="should import follow symlinks?" + date="2022-05-03T19:36:10Z" + content=""" +I meant \"security hole\" more in the sense of the user themselves inadvertently importing (and then sharing) more than they meant to. +E.g. I was importing a large subtree created by others, and had no clue it included symlinks outside the subtree; I only noticed this by accident, when the import started taking too long. + +>git-annex import $dir also follows symlinks inside $dir. + +In conjunction with the `mv` semantics, this seems risky... had I been using the original directory import, I'd have inadvertently deleted a large dataset (to which there was a symlink in the imported tree) from a place others expect to find it. The unix `mv` command doesn't even have a flag to follow symlinks (nevermind defaulting to that). + +>It at least seems plausible that there might be users who import from ~/disk which is a symlink to /media/somethinglong, and rely on it following the symlink. + +It's certainly plausible; question is, should it be the default? It's not the default in `cp` (you have to use `-L`) or in `tar` (have to use `-h`). I think most people assume that importing from a directory remote is akin to doing a `cp -r` or `tar cf` from it. +"""]]