Hello,

On Fri 31 May 2024 at 11:23am -04, Roberto C. Sánchez wrote:

> So, I have read the two commit messages (f4aa8c8bb1 and 7b70e9efb1), but
> I have not read the actual code changes.
>
> It looks to me like the way to confirm your assessment is to take
> t/t0411-clone-from-partial.sh from the first commit and backport just
> that part. It should result in new test failures. Then backport the
> second commit (which fixes CVE-2024-32465 and is somewhat redundant with
> the first commit) and confirm that the test changes which produced the
> new test failures are all passing again.
>
> Also, given the potential usability regression reported upstream, it
> would certainly be wise to manually test that a shared repository can be
> cloned without requiring the configuration change on the server side.
> This testing should include 3 scenarios: one with the patch applied only
> on the server side, another with the patch applied only on the client
> side, and finally one with the patch applied on both sides.

Thanks for the review and this feedback on testing. I'll work on those.

--
Sean Whitton