• onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could

    while true ; do
      head /dev/urandom -c 100MB > file.txt
      git add file.txt
      git commit -m "new commit"
      git push
    done
    

    and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port.

    And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?

    It just doesn’t sound like a convincing solution, IMO.

    Anti Commercial-AI license

    • lurch (he/him)
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      no, it’s not specific to merge requests. theres a tool called git-shell that prevents abuse