The idiocy so beautiful it hurts

no-no-hes-got-a-point.jpg

I don’t see why every tt-rss instance using the default docker image is also a git mirror of the tt-rss repository. It wouldn’t hurt if it was hidden by nginx or something.

web-nginx config could set .git location as internal but what problem would this solve exactly?

p.s. the idiotic part is contacting me because someone in France cloned my git repo. we don’t even know if instance owner is using my containers.

I agree that it’s no big deal. The worst thing that could happen is that an attacker finds out if an instance hasn’t been updated and is still using a vulnerable version (for example).

On the other hand, blocking access to .git means you stop getting cold call emails like the one above.

Why do the docker images contain the .git directory anyway? You could save 11MB by adding it to the .dockerignore file?

At least the static images don’t update themselves.

that’s a really good idea. i’ll make a note to do just that.

https://gitlab.tt-rss.org/tt-rss/tt-rss/-/merge_requests/9

let’s see if this breaks anything :slight_smile:

i poked at the branch image and it didn’t but who knows