From: Junio C Hamano <gitster@pobox.com>
Date: Tue, 17 Jan 2017 23:19:10 +0000 (-0800)
Subject: Merge branch 'mm/push-social-engineering-attack-doc' into maint
X-Git-Tag: v2.11.1~25
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=f976c89a2028ab4661276c8ca40e003e89e01a38;p=git-core%2Fgit.git

Merge branch 'mm/push-social-engineering-attack-doc' into maint

Doc update on fetching and pushing.

* mm/push-social-engineering-attack-doc:
  doc: mention transfer data leaks in more places
---

f976c89a2028ab4661276c8ca40e003e89e01a38
diff --cc Documentation/config.txt
index febf95d6c,780fbdf41..9705b94b2
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@@ -2969,13 -2824,11 +2977,16 @@@ uploadpack.allowReachableSHA1InWant:
  	Allow `upload-pack` to accept a fetch request that asks for an
  	object that is reachable from any ref tip. However, note that
  	calculating object reachability is computationally expensive.
- 	Defaults to `false`.
+ 	Defaults to `false`.  Even if this is false, a client may be able
+ 	to steal objects via the techniques described in the "SECURITY"
+ 	section of the linkgit:gitnamespaces[7] man page; it's best to
+ 	keep private data in a separate repository.
  
 +uploadpack.allowAnySHA1InWant::
 +	Allow `upload-pack` to accept a fetch request that asks for any
 +	object at all.
 +	Defaults to `false`.
 +
  uploadpack.keepAlive::
  	When `upload-pack` has started `pack-objects`, there may be a
  	quiet period while `pack-objects` prepares the pack. Normally