From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jeff King Subject: Re: [PATCH v5 2/2] submodule: pass on http.extraheader config settings Date: Thu, 28 Apr 2016 15:10:38 -0400 Message-ID: <20160428191038.GA10574@sigill.intra.peff.net> References: <89d0024450b0e6e9997ad9e3d681248bde1bafc0.1461837783.git.johannes.schindelin@gmx.de> <20160428112912.GB11522@sigill.intra.peff.net> <20160428134953.GB25364@sigill.intra.peff.net> <20160428153902.GF31063@sigill.intra.peff.net> <20160428165031.GA31421@sigill.intra.peff.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Cc: Stefan Beller , Jacob Keller , Johannes Schindelin , Git mailing list To: Junio C Hamano X-From: git-owner@vger.kernel.org Thu Apr 28 21:10:46 2016 Return-path: Envelope-to: gcvg-git-2@plane.gmane.org Received: from vger.kernel.org ([209.132.180.67]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1avrKo-0008L0-4H for gcvg-git-2@plane.gmane.org; Thu, 28 Apr 2016 21:10:46 +0200 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751932AbcD1TKl (ORCPT ); Thu, 28 Apr 2016 15:10:41 -0400 Received: from cloud.peff.net ([50.56.180.127]:58672 "HELO cloud.peff.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1751539AbcD1TKl (ORCPT ); Thu, 28 Apr 2016 15:10:41 -0400 Received: (qmail 10026 invoked by uid 102); 28 Apr 2016 19:10:40 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.84) with SMTP; Thu, 28 Apr 2016 15:10:40 -0400 Received: (qmail 13453 invoked by uid 107); 28 Apr 2016 19:10:42 -0000 Received: from sigill.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.7) by peff.net (qpsmtpd/0.84) with SMTP; Thu, 28 Apr 2016 15:10:42 -0400 Received: by sigill.intra.peff.net (sSMTP sendmail emulation); Thu, 28 Apr 2016 15:10:38 -0400 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Archived-At: On Thu, Apr 28, 2016 at 12:06:56PM -0700, Junio C Hamano wrote: > Jeff King writes: > > > On Thu, Apr 28, 2016 at 09:09:44AM -0700, Stefan Beller wrote: > > > >> > I think the key thing with a blacklist is somebody has to go to the work > >> > to audit the existing keys. > >> > >> Would it be sufficient to wait until someone screams at the mailing list > >> for some key to be blacklisted? (I mean in the short term that would be > >> of less quality, but relying on the larger community would result in a better > >> end result? So your going through is just a jump start this process of > >> listening to the community?) > > > > Yeah, I think ultimately we will rely on the community. But I would feel > > a lot more comfortable if somebody made at least a single pass. > > > > I'll be curious what Junio says, too. I generally defer to him on how > > conservative we want to be in cases like this. > > Starting from an empty whitelist and waiting for people to scream > with valid use cases would automatically give us the single pass to > identify the set of essential ones that users must be able to pass, > no? It's definitely sufficient, it's just annoying if a user shows up every week and says "I want X.Y", and then somebody else shows up a week later and says "I want X.Z". Are we serving any purpose in vetting each one (and if so, what)? -Peff