On Mon, 2011-12-12 at 13:24 -0700, Ken Dreyer wrote:
> On Mon, Dec 12, 2011 at 1:21 PM, Bruno Wolff III
> <bruno(a)wolff.to> wrote:
> > On Mon, Dec 12, 2011 at 15:21:11 -0500,
> > Stephen Gallagher <sgallagh(a)redhat.com> wrote:
> >>
> >> Of course, a whitelist might be a better idea. Maybe we only
> >> allow .tar.gz, .tar.bz2 and .zip to be uploaded this way and make
> >> additional exceptions as they arise.
> >
> > .tgz is another common extension.
>
> Yeah, a whitelist could get tedious quickly. I was just thinking of
> blacklisting stuff like .rpm and .patch.

Throw tar.xz on the list.

In general it seems like we come up with a new compression format every
few years (gzip, bzip2, lzma, xz...), and so many exceptions have been
suggested here, that it does seem like a whitelist is a bad idea. If
anything, given that the point of the lookaside cache as I understand it
is that git doesn't really handle large binaries very well, it might
make more sense to go with a size threshold than a file type or
extension list.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net