Re: Is OS X still supported?

Re: Is OS X still supported?

[Michał Staruch]

Thanks for the information that binary builds are availably on
SourceForge faster than on git-scm. I can see the v2.8.1 for OS X was
uploaded few hours ago to the SF, so my main problem (lack of security
fixes in git for OS X) is solved.

The automation process should be probably reviewed, though - because
all the other folks around the world using git-scm (not the SF) to
download OS X builds are still stuck at v2.6.4. Ideally git-scm would
point to the new Mac version within single minutes since the release
(or even seconds) - not hours, days, or weeks.

From my point of view SourceForge vs GitHub is kinda implementation
detail. I'd go with GitHub as it's more convenient to use and supported
HTTPS since the beginning. And then SF had really bad idea with pushing
malware (see https://sourceforge.net/p/forge/site-support/7414/). But
as long as git-scm will be getting binaries on time most folks won't
really care about details of delivery process.


On Tue, Apr 5, 2016 at 6:43 PM, Tim Harper <timcharper@gmail.com> wrote:
> It is still supported. I'm not sure why git-scm is pointing to the wrong version. There's been some discussion to upload to github instead, which I'm for, but SourceForge publishing is already automated.
>
>> On Apr 5, 2016, at 10:38, Junio C Hamano <gitster@pobox.com> wrote:
>>
>> Michał Staruch <msta@cinkciarz.pl> writes:
>>
>>> I'd like to ask if OS X is still supported platform for git. Sources
>>> and Windows build were updated to version 2.8.1, while OS X build
>>> stopped at 2.6.4, staying vulnerable to CVE-2016-2315 and
>>> CVE-2016-2324.
>>
>> Thanks for asking.
>>
>> Tim Harper (CC'ed) helps the OSX users by supplying the OSX
>> installer.
>>
>> I think git-scm.com attempts to show the latest OSX installer from
>> https://sourceforge.net/projects/git-osx-installer/.
>>
>> It's funny that that
>>
>>  https://sourceforge.net/projects/git-osx-installer/files/
>>
>> does list 2.7.1 that is newer than 2.6.4, but the quick download
>> link on that page points at 2.6.2; there is something screwy
>> happening at sourceforge.  I am not sure how git-scm.com chooses to
>> claim that 2.6.4 is the latest.  There seems to be an issue open on
>> this.
>>
>>    https://github.com/git/git-scm.com/issues/715
>>
>> As I do not do binary packaging for individual platforms, I cannot
>> be of more help than what this message says; sorry about that.
>>
>> Next time please send any message that is related to Git to either
>> git@vger.kernel.org mailing list (public) or if you want to
>> privately discuss security related issues that are not yet known to
>> the public, then to git-security@googlegroups.com [*1*].  There are
>> at least three reasons to do so:
>>
>> - A message that is addressed only to gitster@pobox.com and not one
>>   of these lists are often eaten by spam filters and will not be
>>   seen by me.
>>
>> - I am not an expert on everything that is related to Git (this
>>   topic is a good example), and people more qualified to answer are
>>   on these lists.
>>
>> - I suspect that you are not the only Git user on OSX, so there
>>   must be more people wondering the same thing as you are, so
>>   asking git@vger.kernel.org would help other OSX users.
>>
>> I almost added "Cc: git@vger.kernel.org" myself on this response,
>> but I didn't because there might be a reason for you to hide your
>> e-mail address from the public (some people are weird that way, and
>> you might be one of them but I couldn't tell because I do not know
>> you).  If you do not mind helping other OSX users, I am fine if you
>> CC'ed your response to this message to git@vger.kernel.org while
>> quoting everything I wrote here.
>>
>> Thanks.
>>
>>
>> [Footnote]
>>
>> *1* Both of these two lists accept messages from non-subscribers,
>> i.e.  you can send messages to them without subscribing to them, and
>> you'll be kept in the loop in the discussion by CC'ing the original
>> poster.
>

Re: Is OS X still supported?

[Johannes Schindelin]

[-- Attachment #1: Type: text/plain, Size: 2028 bytes --]

Hi Michał,

you probably would have received a more timely response if you

1. had avoided top-posting, and
2. had kicked into action yourself rather than feeling somebody else
   should solve your problem.

On Tue, 5 Apr 2016, Michał Staruch wrote:

> Thanks for the information that binary builds are availably on
> SourceForge faster than on git-scm. I can see the v2.8.1 for OS X was
> uploaded few hours ago to the SF, so my main problem (lack of security
> fixes in git for OS X) is solved.

You are welcome, not only for the information, of course, but also for the
bug fixes. Would be nice to thank hard-working people like Peff for that,
every once in a while.

> The automation process should be probably reviewed, though - because all
> the other folks around the world using git-scm (not the SF) to download
> OS X builds are still stuck at v2.6.4. Ideally git-scm would point to
> the new Mac version within single minutes since the release (or even
> seconds) - not hours, days, or weeks.

The first time I read this paragraph, I closed the mail right then and
there. And I normally would not have looked at it again.

You see, the code running git-scm.com is Open Source, which means that you
can fix it just as well as everybody else. Of course it takes a bit more
effort than to tell other people what you think they should do, yet taking
action would have been the appropriate thing to do. Admittedly I find that
sense of entitlement that I read in the above-quoted paragraph quite
appalling.

So why did I open this mail again, then? Easy: I did not notice any other
report of the same issue, and the problem was shared by one of my
colleagues, so I went ahead and fixed it (note that I am probably even
less of a Ruby/Rake expert than you are, yet the documentation how to
develop this beast locally is so good that even I was able to develop and
test the fix):

	https://github.com/git/git-scm.com/pull/741

I guess this is your lucky day ;-)

Ciao,
Johannes