Ryabitsev: Cross-fork object sharing in git (is not a bug)
This is a few days old, but evidently there is still need for this message: Konstantin Ryabitsev explains how it is easy to cause a commit to appear falsely to be part of a GitHub repository:
With all the benefits of object sharing comes one important downside - namely, you can access any shared object through any of the forks. So, if you fork linux.git and push your own commit into it, any of the 41.1k forks will have access to the objects referenced by your commit. If you know the hash of that object, and if the web ui allows to access arbitrary repository objects by their hash, you can even view and link to it from any of the forks, making it look as if that object is actually part of that particular repository (which is how we get the links at the start of this article).
A failure to understand this point is how the net fills up with articles like this one.
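To check whether a commit really belongs to a repository, test whether any ref reaches it rather than whether the object can be read. The script below is an added example, not from Ryabitsev's post: it builds two throwaway local repositories and uses an alternates entry as a stand-in for a host's shared object storage. The repository names, helper functions and commits are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed local repositories, not a real hosting setup.

# True if the object store this repository can read contains the commit.
commit_exists() {      # usage: commit_exists <repo> <hash>
    git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# True only if at least one ref (branch, tag, ...) in the repository
# has the commit somewhere in its history.
commit_reachable() {   # usage: commit_reachable <repo> <hash>
    [ -n "$(git -C "$1" for-each-ref --contains "$2" 2>/dev/null)" ]
}

# Classify a hash as seen from one repository.
report() {             # usage: report <repo> <hash>
    if ! commit_exists "$1" "$2"; then echo "absent"
    elif commit_reachable "$1" "$2"; then echo "in-history"
    else echo "readable-but-unreferenced"
    fi
}

# Build "upstream" and "fork", then let upstream read the fork's objects
# through an alternates entry (assumption: this imitates shared storage).
setup_demo() {
    DEMO=$(mktemp -d) || return 1
    id="-c user.name=demo -c user.email=demo@example.invalid"
    git init -q "$DEMO/upstream" &&
    git -C "$DEMO/upstream" $id commit -q --allow-empty -m "upstream commit" &&
    git clone -q "$DEMO/upstream" "$DEMO/fork" &&
    git -C "$DEMO/fork" $id commit -q --allow-empty -m "fork-only commit" &&
    echo "$DEMO/fork/.git/objects" >> "$DEMO/upstream/.git/objects/info/alternates" &&
    UPSTREAM_COMMIT=$(git -C "$DEMO/upstream" rev-parse HEAD) &&
    FORK_COMMIT=$(git -C "$DEMO/fork" rev-parse HEAD)
}

setup_demo || exit 1
echo "upstream commit seen from upstream: $(report "$DEMO/upstream" "$UPSTREAM_COMMIT")"
echo "fork commit seen from upstream:     $(report "$DEMO/upstream" "$FORK_COMMIT")"
```

A commit that comes back as readable-but-unreferenced can be displayed by hash but was never merged into any branch or tag of that repository.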