From: Josh Triplett <josh@joshtriplett.org>
To: git@vger.kernel.org
Subject: [RFC] git-format-patch: default to --from to avoid spoofed mails?
Date: Thu, 28 Jul 2016 14:11:51 -0700 [thread overview]
Message-ID: <20160728211149.GA371@x> (raw)
When git-format-patch formats a patch authored by someone other than
yourself, it defaults to filling in the "From:" field of the email from
the commit author. If you explicitly pass the --from option,
git-format-patch will instead use your own committer identity as the
"From:", and then put a "From:" line at the top of the body if the
commit author differs. (git-am know to use that as the commit author
when applying.)
While git-send-email knows how to change the patch mails to use your own
address as "From:" and add a "From:" line to the body for the author,
any other tool used to send emails doesn't do that. I've seen more than
a few mails sent to various mailing lists and patch review tools with a
spoofed "From:" field pointing to the commit author, typically without
the knowledge of the author, which can lead to interesting surprises.
I'd like to propose changing the default behavior of git-format-patch to
--from (and adding a --from-author option to override, and perhaps a
config setting). This will not change the output *except* when
formatting patches authored by someone else. git-am and git-send-email
both handle the --from format without any issues.
Before I write such a patch: does anyone see a problem with such a
change?
- Josh Triplett
next reply other threads:[~2016-07-28 21:12 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-28 21:11 Josh Triplett [this message]
2016-07-28 21:37 ` [RFC] git-format-patch: default to --from to avoid spoofed mails? Junio C Hamano
2016-07-28 21:56 ` Jeff King
2016-07-28 22:14 ` Junio C Hamano
2016-07-28 23:53 ` Josh Triplett
2016-07-29 0:17 ` Jeff King
2016-07-29 0:16 ` Jeff King
2016-07-29 2:08 ` Josh Triplett
2016-07-29 22:58 ` Jeff King
2016-07-30 4:50 ` Josh Triplett
2016-07-30 5:47 ` Jeff King
2016-07-30 5:57 ` Josh Triplett
2016-07-30 9:41 ` [PATCH 0/2] format-patch: Transition the default to --from to avoid spoofed mails Josh Triplett
2016-08-01 17:35 ` [RFC] git-format-patch: default to --from to avoid spoofed mails? Junio C Hamano
2016-08-01 17:43 ` Jeff King
2016-08-01 18:59 ` Junio C Hamano
2016-07-29 0:04 ` Josh Triplett
2016-07-29 0:05 ` Josh Triplett
2016-07-29 16:56 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160728211149.GA371@x \
--to=josh@joshtriplett.org \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).