Re: [WIP RFC 2/5] Documentation: add Packfile URIs design doc
- Date: Tue, 4 Dec 2018 11:29:04 -0800
- From: Jonathan Tan <jonathantanmy@xxxxxxxxxx>
- Subject: Re: [WIP RFC 2/5] Documentation: add Packfile URIs design doc
> Some thoughts here:
> First, I'd like to see a section (and a bit in the implementation)
> requiring HTTPS if the original protocol is secure (SSH or HTTPS).
> Allowing the server to downgrade to HTTP, even by accident, would be a
> security problem.
> Second, this feature likely should be opt-in for SSH. One issue I've
> seen repeatedly is that people don't want to use HTTPS to fetch things
> when they're using SSH for Git. Many people in corporate environments
> have proxies that break HTTP for non-browser use cases, and using SSH
> is the only way that they can make a functional Git connection.
Good points about SSH support and the client needing to control which
protocols the server will send URIs for. I'll include a line in the
client request in which the client can specify which protocols it is OK
> Third, I think the server needs to be required to both support Range
> headers and never change the content of a URI, so that we can have
> resumable clone implicit in this design. There are some places in the
> world where connections are poor and fetching even the initial packfile
> at once might be a problem. (I've seen such questions on Stack
> Overflow, for example.)
Good points. I'll add these in the next revision.
> Having said that, I think overall this is a good idea and I'm glad to
> see a proposal for it.
Thanks, and thanks for your comments too.