Re: Revamping the git protocol

From: Linus Torvalds <torvalds@osdl.org>
Date: 2005-10-21 03:17:34
On Thu, 20 Oct 2005, H. Peter Anvin wrote:
> 
> git over ssh seems to be the obvious choice.

Yes, but Petr is right that there might be room for some lighter-weight 
"gits" secure protocol. One that doesn't necessarily require a whole user 
ID thing.

For example, let's say that you're not the maintainer of your machine, but 
you're in an environment where you are allowed to run daemons as yourself 
(at a university, for example). And you have a group of people who want to 
work together at a project, but they don't want to give write permissions 
to the world or their bigger group (group "student").

And git itself _does_ actually support that, already. You can use the 
standard "ssh:" thing (or just "hostname:pathname"), and the GIT_SSH 
environment variable to set up any tunnelling program you want. Then you 
can authenticate any way you want (and encrypt or not, whatever)..

So if somebody is in this situation, maybe we could have an example tunnel 
client/server thing that does this.

This is unrelated to the git protocol itself, although the "pack over 
ssh/tunnel" obviously uses all the same stuff for the actual transfer.

(It might also be worthwhile to have .git/config specify what program to 
use, so that you don't need a global environment variable. It might even 
be per-host, ie we could have git-send-pack and git-fetch-pack understand 
config language like

	[connect]
		program=[server.uni.edu]:mytunnel

or something. It shouldn't even be hard to do. Certainly simpler than 
doing a good authenticating tunnel).

		Linus
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Received on Fri Oct 21 03:18:32 2005

This archive was generated by hypermail 2.1.8 : 2005-10-21 03:18:35 EST