Re: How to get git-daemon to work in a post-CVE world?
From: Konstantin Ryabitsev <hidden>
Date: 2025-03-31 14:53:18
From: Konstantin Ryabitsev <hidden>
Date: 2025-03-31 14:53:18
On Sun, Mar 30, 2025 at 10:30:00AM +0200, MegaBrutal wrote:
Hi Everyone, I'm new to the list, just thought it's the best place to talk about Git. I'm running a public read-only git server with git-daemon. I've recently noticed that my repos can't be cloned and found that particular CVE which made git to verify the owners of the git repos. fatal: detected dubious ownership in repository at '/srv/git/mgsautils.git' The feasible solution is to declare the directory safe in .gitconfig.
You can set global values in /etc/gitconfig, e.g.:
[safe]
directory = /srv/git/*
-K