From: "Avery Pennarun" <apenwarr@gmail.com>
To: "Junio C Hamano" <gitster@pobox.com>, git <git@vger.kernel.org>
Subject: Re: Intricacies of submodules
Date: Fri, 18 Apr 2008 14:30:03 -0400 [thread overview]
Message-ID: <32541b130804181130s21e6ea5bm38ea0b35cd009d3e@mail.gmail.com> (raw)
In-Reply-To: <32541b130804181128j57d76edcsbbd5fb8d4c782ae7@mail.gmail.com>
On 4/17/08, Junio C Hamano <gitster@pobox.com> wrote:
> Linus Torvalds <torvalds@linux-foundation.org> writes:
> > So if we do end up doing a "tracked config file", I'd personally very much
> > prefer it be limited in some way. For example, we obviously track the
> > .gitignore and .gitattributes files, but they are much more limited in
> > their effects. Maybe we could have a "limited config file" that allows for
> > *some* config options to be set?
>
> Yes, that's all what I have been trying to say ;-)
How about this: we know that *most* options are harmless, at least
from a security point of view. AFAIK it's really just the ones where
you specify shell commands that are unsafe.
Why not have a list of "safe" config options in git, and when reading
.gitconfig, error out if any of the options in that file are unsafe.
(Alternatively: silently ignore the unsafe ones, or warn and then
ignore the unsafe ones.) A more advanced variation of the same would
be to have .git/config options that list specific exceptions to the
safe list, so if .gitconfig causes an error, you can *explicitly* git
config set to let .gitconfig override them.
Another possibility would be to have an "unsafe" list instead of a
"safe" list, but that sounds rather error-prone to me.
Have fun,
Avery
next prev parent reply other threads:[~2008-04-18 18:30 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-31 20:59 Migrating svn to git with heavy use of externals D. Stuart Freeman
2008-04-08 18:07 ` D. Stuart Freeman
2008-04-08 20:06 ` Avery Pennarun
2008-04-08 20:49 ` D. Stuart Freeman
2008-04-08 21:01 ` Avery Pennarun
2008-04-08 22:47 ` D. Stuart Freeman
2008-04-09 3:03 ` Roman Shaposhnik
2008-04-09 3:33 ` Avery Pennarun
2008-04-09 4:39 ` Roman Shaposhnik
2008-04-09 6:34 ` Avery Pennarun
2008-04-09 6:43 ` Junio C Hamano
2008-04-10 3:43 ` Intricacies of submodules [was: Migrating svn to git with heavy use of externals] Roman Shaposhnik
2008-04-10 5:53 ` Intricacies of submodules Junio C Hamano
2008-04-10 20:32 ` Roman Shaposhnik
2008-04-11 5:20 ` Junio C Hamano
2008-04-11 16:04 ` Ping Yin
2008-04-11 22:32 ` Junio C Hamano
2008-04-12 3:13 ` Roman Shaposhnik
2008-04-12 5:11 ` Junio C Hamano
2008-04-14 19:52 ` Roman Shaposhnik
2008-04-15 1:13 ` Junio C Hamano
2008-04-15 2:13 ` Ping Yin
2008-04-16 3:49 ` Roman V. Shaposhnik
2008-04-17 18:09 ` Jeremy Maitin-Shepard
2008-04-17 19:06 ` Linus Torvalds
2008-04-17 20:04 ` Junio C Hamano
[not found] ` <32541b130804181128j57d76edcsbbd5fb8d4c782ae7@mail.gmail.com>
2008-04-18 18:30 ` Avery Pennarun [this message]
2008-04-17 19:50 ` Roman V. Shaposhnik
2008-04-17 20:06 ` Martin Langhoff
2008-04-17 20:44 ` Junio C Hamano
2008-04-17 21:00 ` Sverre Rabbelier
2008-04-17 21:25 ` Martin Langhoff
2008-04-17 21:27 ` Sverre Rabbelier
2008-04-17 21:31 ` Martin Langhoff
2008-04-18 1:41 ` Ping Yin
2008-04-17 22:29 ` Dmitry Potapov
2008-04-17 22:32 ` Linus Torvalds
2008-04-18 1:48 ` Ping Yin
2008-04-18 14:02 ` Jakub Narebski
2008-04-12 3:20 ` Ping Yin
2008-04-14 19:56 ` Roman Shaposhnik
2008-04-12 4:02 ` Ping Yin
2008-04-12 5:25 ` Junio C Hamano
2008-04-12 6:26 ` Ping Yin
2008-04-10 16:07 ` Intricacies of submodules [was: Migrating svn to git with heavy use of externals] Ping Yin
2008-04-10 19:27 ` Roman Shaposhnik
2008-04-09 19:57 ` Roman Shaposhnik
2008-04-09 20:27 ` Avery Pennarun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=32541b130804181130s21e6ea5bm38ea0b35cd009d3e@mail.gmail.com \
--to=apenwarr@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).