commit ac8bf7dc9ad71b20ffe81ce80b7df061c710ffa7
from: Stefan Sperling <stsp@stsp.name>
date: Fri Feb 03 14:42:17 2023 UTC

add a TODO item regarding missing client-side pack content verification

commit - e294dc4e38dcf1364451a3a7a3724a07a9e42048
commit + ac8bf7dc9ad71b20ffe81ce80b7df061c710ffa7
blob - d75e10cd2cd9a9b8359f7bf5f06d7d829e9c72b5
blob + faa8465245b6dbd5dfda98c66195606dddac986f
--- TODO
+++ TODO
@@ -21,6 +21,9 @@ got:
   passes.
 - investigate wether it's worth for 'got patch' to memory-map the files to
   edit.  (c.f. Plan A / Plan B in Larry' patch.)
+- when fetching pack files got should verify that the requested branch tips
+  are present in the pack file sent by the server, before making this pack
+  file visible to readers of the repository
 
 network protocol:
 - add http(s) transport with libtls, speaking the two Git HTTP protocols