From 8b1313825c7316fccc0f098f8669c3f74df3df28 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 24 Oct 2008 16:31:51 -0400 Subject: [PATCH 1/1] note about spoofing --- doc/tips/untrusted_git_push.mdwn | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/tips/untrusted_git_push.mdwn b/doc/tips/untrusted_git_push.mdwn index 958e04e77..b7dba74c6 100644 --- a/doc/tips/untrusted_git_push.mdwn +++ b/doc/tips/untrusted_git_push.mdwn @@ -39,6 +39,9 @@ or manipulate tags. One thing to keep an eye on is uploading large files. It may be easier to do this via git push than using the web, and that could be abused. +Also, no checking is done that the authors of commits are right, so people +can make a commit that pretends to be done by someone else. + ## user setup Add a dedicated user who will push in untrusted commits. This user should have -- 2.44.0