commit 9aa1ed34acb059b53278494c0403221e3c623f3e
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Fri Feb 03 15:22:14 2023 UTC

add a TODO item regarding missing client-side pack content verification

commit - da2c57e47ed0bc5cab959b65eab66a3c6e7b1a61
commit + 9aa1ed34acb059b53278494c0403221e3c623f3e
blob - d75e10cd2cd9a9b8359f7bf5f06d7d829e9c72b5
blob + faa8465245b6dbd5dfda98c66195606dddac986f
--- TODO
+++ TODO
@@ -21,6 +21,9 @@ got:
   passes.
 - investigate wether it's worth for 'got patch' to memory-map the files to
   edit.  (c.f. Plan A / Plan B in Larry' patch.)
+- when fetching pack files got should verify that the requested branch tips
+  are present in the pack file sent by the server, before making this pack
+  file visible to readers of the repository
 
 network protocol:
 - add http(s) transport with libtls, speaking the two Git HTTP protocols