On Sat, Aug 17, 2013 at 7:03 PM, Max Semenik <maxsem.wiki(a)gmail.com> wrote:
On 17.08.2013, 22:19 Brian wrote:
its more a config issue on our end than a problem
with gitblit.
Frankly, all web apps that allow anons do crazy shit with GET requests
should at least mark critical links with rel="nofollow", so at least
part of the blame lies on Gitblit:)
I think a more important problem is the various cache prevention
headers emitted by gitblit. Ops and Chad are well aware of that issue
and have gotten upstream fixes for that (with public bugzilla bugs and
google code issues!) and I guess are still working with upstream on
further fixes for those headers.
But this is not constructive to the "site hardening" thread so let's
either follow up on the other thread I just started or drop it
entirely.
-Jeremy