summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-10-24 16:31:51 -0400
committerJoey Hess <joey@kodama.kitenet.net>2008-10-24 16:31:51 -0400
commit8b1313825c7316fccc0f098f8669c3f74df3df28 (patch)
tree393271431c5c1d0e0a9b49124297c188e7f99802
parentf3d017d26c885a708ec34fbb49dd077dd73eebf8 (diff)
note about spoofing
-rw-r--r--doc/tips/untrusted_git_push.mdwn3
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/tips/untrusted_git_push.mdwn b/doc/tips/untrusted_git_push.mdwn
index 958e04e77..b7dba74c6 100644
--- a/doc/tips/untrusted_git_push.mdwn
+++ b/doc/tips/untrusted_git_push.mdwn
@@ -39,6 +39,9 @@ or manipulate tags.
One thing to keep an eye on is uploading large files. It may be easier to
do this via git push than using the web, and that could be abused.
+Also, no checking is done that the authors of commits are right, so people
+can make a commit that pretends to be done by someone else.
+
## user setup
Add a dedicated user who will push in untrusted commits. This user should have