James Mills

See #227 this is unlikely to get removed. I'm just going through this myself to understand "why".

There are currently no k own active registries in use today. Worse no modern clients currently support the registry API.

I think a better question is why registries didn't get widelyadopted in the first place?

Die some digging into this and this is what's happening on the wire: ``` C: GET /gitxt/info/refs?service=git-upload-pack HTTP/1.1 Host: localhost:5555 User-Agent: git/2.37.1 (Apple Git-137.1) Accept: */* Accept-Encoding: deflate, gzip Proxy-Connection:...

Some more useful information (discovered how to convince `git` to debug packets): ``` Fri Dec 30 15:14:48 ~/tmp/gitxt (main) 0 $ GIT_TRACE=true GIT_TRACE_PACKET=true git pull --rebase 15:15:00.118967 exec-cmd.c:139 trace: resolved...

@mcarmonaa / @pjbgf Happy New Year 🥳 Happy #2023 😅 -- Would either of you have time soon™ to help me out with this one? 🙏

ping

@gl-yziquel I forked legit long ago and also wanted to switch to using go-git in [gittxt](https://gitxt.net/gitxt); sadly I was never able to solve this particular issue, so gitxt stalled as...

This rule is also a false positive for simple posts to a web app ([yarn](https://git.mils.io/yarnsocial/yarn)): ``` "msg": "Remote Command Execution: Windows Command Injection", 10 | "data": "Matched Data: ` at...

I've now added this to the end of my config (_after loading the OWASP ruleset_): ``` SecRuleRemoveById 932370 ```