Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Confusing docs for IMPORT_LOCAL_PATHS #5074

Closed
bugreport0 opened this issue Oct 12, 2018 · 0 comments · Fixed by #5274
Closed

Confusing docs for IMPORT_LOCAL_PATHS #5074

bugreport0 opened this issue Oct 12, 2018 · 0 comments · Fixed by #5274
Labels
type/docs This PR mainly updates/creates documentation

Comments

@bugreport0
Copy link
Contributor

  • Gitea version (or commit ref): 1.5.2

Description

The documentation and usage for IMPORT_LOCAL_PATHS is confusing from a security standpoint, since it's next to DISABLE_GIT_HOOKS in the Config Cheat Sheet.

After much reading, my interpretation is that:

  • setting DISABLE_GIT_HOOKS to true is the 'safe' option
  • setting IMPORT_LOCAL_PATHS to false is the 'safe' option

The documentation for both options actually begins with: 'Prevent all users from…' which might lead some users to believe that setting both options to true is the 'safe' thing.

Maybe we should change the docs to something like:

  • DISABLE_GIT_HOOKS: Set to true to prevent all users from…
  • IMPORT_LOCAL_PATHS: Set to false to prevent all users from…

If I misinterpreted everything, maybe we should rename the option to DISABLE_LOCAL_IMPORT?

(Footnote: I know 'safe' is relative, that's why it's in quotes. And I've read through #2501 and #3997 but I'm still unsure about what is 'safe' and what not.)
@lunny lunny added the type/docs This PR mainly updates/creates documentation label Oct 12, 2018
@techknowlogick techknowlogick mentioned this issue Nov 4, 2018
Merged
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/docs This PR mainly updates/creates documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clean up docs
2 participants
@lunny @bugreport0