From 456bab87b2e5e698f1024df7a79a76627b4bdb32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Fri, 27 Jul 2018 14:37:14 +0000 Subject: config doc: elaborate on what transfer.fsckObjects does MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The existing documentation led the user to believe that all we were doing were basic reachability sanity checks, but that hasn't been true for a very long time. Update the description to match reality, and note the caveat that there's a quarantine for accepting pushes, but not for fetching. Also mention that the fsck checks for security issues, which was my initial motivation for writing this fetch.fsck.* series. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/config.txt | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'Documentation') diff --git a/Documentation/config.txt b/Documentation/config.txt index 8d08250a5b..291b4f3c57 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -3397,8 +3397,17 @@ transfer.fsckObjects:: Defaults to false. + When set, the fetch or receive will abort in the case of a malformed -object or a broken link. The result of an abort are only dangling -objects. +object or a link to a nonexistent object. In addition, various other +issues are checked for, including legacy issues (see `fsck.`), +and potential security issues like the existence of a `.GIT` directory +or a malicious `.gitmodules` file (see the release notes for v2.2.1 +and v2.17.1 for details). Other sanity and security checks may be +added in future releases. ++ +On the receiving side, failing fsckObjects will make those objects +unreachable, see "QUARANTINE ENVIRONMENT" in +linkgit:git-receive-pack[1]. On the fetch side, malformed objects will +instead be left unreferenced in the repository. transfer.hideRefs:: String(s) `receive-pack` and `upload-pack` use to decide which -- cgit v1.2.3