From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jeff King <peff@peff.net>
Cc: Junio C Hamano <gitster@pobox.com>,
Stefan Beller <sbeller@google.com>,
Jacob Keller <jacob.keller@gmail.com>,
Git mailing list <git@vger.kernel.org>
Subject: Re: [PATCH v5 2/2] submodule: pass on http.extraheader config settings
Date: Fri, 29 Apr 2016 14:29:25 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.20.1604291417580.9313@virtualbox> (raw)
In-Reply-To: <20160428210026.GA12268@sigill.intra.peff.net>
Hi Peff,
On Thu, 28 Apr 2016, Jeff King wrote:
> On Thu, Apr 28, 2016 at 12:28:21PM -0700, Junio C Hamano wrote:
>
> > Jeff King <peff@peff.net> writes:
> >
> > > It's definitely sufficient, it's just annoying if a user shows up
> > > every week and says "I want X.Y", and then somebody else shows up a
> > > week later and says "I want X.Z".
> > >
> > > Are we serving any purpose in vetting each one (and if so, what)?
> >
> > Personally I do not think we would need to filter _anything_ if we can
> > tell that the user directly said
> >
> > git -c var1=val1 -c var2=val2 $cmd ...
> >
> > and "git $cmd" ended up needing to spawn another "git" subcommand,
> > possibly in some other repository (i.e. "$cmd" in this case is likely
> > to be "submodule", but in principle it does not have to be). If the
> > user somehow gives variables like core.worktree that are inappropriate
> > to be applied across repositories, that's user's problem, i.e. "don't
> > do it then if it hurts".
>
> Right, we are talking about that direct case here. And any time our
> filter heuristic lets something through, it is probably "if it hurts
> don't do it" as the worst case.
The more I think about it, I actually think that we do the user a *really*
great disservice by filtering the CONFIG_DATA_ENVIRONMENT. If I call
git -c ... $cmd
and that configuration is *not* picked up, it is much worse than letting
users shoot themselves in their own feet by specifying config settings
that are *prone* to wreak havoc.
> So I think the only two cases worth filtering are:
>
> 1. Ones where we _know_ that the config is nonsense to pass along,
> _and_ where a user might conceivably make use of the
> just-the-top-level version of it (core.worktree
> comes to mind, though of course they are probably better served by
> "--work-tree" in such a case).
> 2. An option where we think there may be some security implication.
> Setting "http.sslverify" to false does have some security
> implications ("oops, I only meant to turn off verification for the
> root repo, and I got MiTM-attacked for the submodules!"). But it's
> so obscure and unlikely that I think the benefit outweighs it.
I can see that happening when somebody calls an alias with `git -c ...`
and that alias performs actions in the top-level project as well as all
submodules.
But. Do we really have to be "Big Daddy" for users who do that?
> I am OK staying with a whitelist.
Me, too. But I am even more in favor of abandoning this "we know what is
good for you" approach, i.e. that whitelist that filters
CONFIG_DATA_ENVIRONMENT.
Ciao,
Dscho
next prev parent reply other threads:[~2016-04-29 12:30 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-25 13:13 [PATCH] http: Support sending custom HTTP headers Johannes Schindelin
2016-04-25 15:53 ` Shawn Pearce
2016-04-25 17:03 ` Jeff King
2016-04-26 15:37 ` Johannes Schindelin
2016-04-26 16:57 ` Jeff King
2016-04-25 18:43 ` Junio C Hamano
2016-04-26 15:33 ` Johannes Schindelin
2016-04-26 16:22 ` Junio C Hamano
2016-04-26 17:38 ` Jeff King
2016-04-27 6:31 ` Johannes Schindelin
2016-04-27 7:52 ` Jeff King
2016-04-27 11:56 ` Johannes Schindelin
2016-04-26 15:40 ` [PATCH v2] http: support " Johannes Schindelin
2016-04-26 17:03 ` Junio C Hamano
2016-04-26 17:12 ` Jeff King
2016-04-26 17:20 ` Junio C Hamano
2016-04-26 17:44 ` Jeff King
2016-04-27 6:08 ` Johannes Schindelin
2016-04-27 6:29 ` Johannes Schindelin
2016-04-26 19:05 ` Junio C Hamano
2016-04-27 6:29 ` [PATCH v3] " Johannes Schindelin
2016-04-27 12:20 ` [PATCH v4] " Johannes Schindelin
2016-04-27 19:30 ` Jeff King
2016-04-27 21:03 ` Junio C Hamano
2016-04-28 10:03 ` [PATCH v5 0/2] Add support for sending additional " Johannes Schindelin
2016-04-28 10:03 ` [PATCH v5 1/2] http: support sending custom " Johannes Schindelin
2016-04-28 10:03 ` [PATCH v5 2/2] submodule: pass on http.extraheader config settings Johannes Schindelin
2016-04-28 11:29 ` Jeff King
2016-04-28 12:19 ` Johannes Schindelin
2016-04-28 13:49 ` Jeff King
2016-04-28 15:37 ` Jacob Keller
2016-04-28 15:39 ` Jeff King
2016-04-28 16:09 ` Stefan Beller
2016-04-28 16:50 ` Jeff King
2016-04-28 19:06 ` Junio C Hamano
2016-04-28 19:10 ` Jeff King
2016-04-28 19:28 ` Junio C Hamano
2016-04-28 19:34 ` Stefan Beller
2016-04-28 19:52 ` Junio C Hamano
2016-04-28 19:53 ` Junio C Hamano
2016-04-28 20:01 ` Stefan Beller
2016-04-28 22:47 ` Junio C Hamano
2016-04-28 21:03 ` Jeff King
2016-04-28 21:12 ` Stefan Beller
2016-04-28 22:44 ` Junio C Hamano
2016-04-29 13:35 ` Jeff King
2016-04-28 21:00 ` Jeff King
2016-04-28 21:08 ` Stefan Beller
2016-04-28 21:20 ` Jeff King
2016-04-29 12:29 ` Johannes Schindelin [this message]
2016-04-29 13:26 ` Jeff King
2016-04-28 13:53 ` Jeff King
2016-04-28 19:41 ` Junio C Hamano
2016-04-29 12:35 ` Johannes Schindelin
2016-04-29 12:48 ` Johannes Schindelin
2016-04-29 13:10 ` Jeff King
2016-04-29 15:56 ` Johannes Schindelin
2016-05-04 6:14 ` [PATCH v6 0/2] Add support for sending additional HTTP headers Johannes Schindelin
2016-05-04 6:14 ` [PATCH v6 1/2] http: support sending custom " Johannes Schindelin
2016-05-05 19:10 ` Lars Schneider
2016-05-05 19:40 ` Junio C Hamano
2016-05-05 20:03 ` Jeff King
2016-05-04 6:14 ` [PATCH v6 2/2] submodule: pass on http.extraheader config settings Johannes Schindelin
2016-05-04 6:26 ` [PATCH v6 0/2] Add support for sending additional HTTP headers Jeff King
2016-05-04 7:36 ` Junio C Hamano
2016-05-04 11:20 ` Johannes Schindelin
2016-05-04 18:23 ` Junio C Hamano
2016-05-04 7:45 ` Jeff King
2016-05-04 8:00 ` [PATCH] submodule: stop sanitizing config options Jeff King
2016-05-04 8:17 ` Junio C Hamano
2016-05-04 11:25 ` Johannes Schindelin
2016-05-04 17:58 ` Stefan Beller
2016-05-04 19:04 ` Jeff King
2016-05-04 18:43 ` Junio C Hamano
2016-05-04 19:09 ` Jeff King
2016-05-04 22:53 ` Stefan Beller
2016-05-05 1:22 ` Jeff King
2016-05-05 16:59 ` Junio C Hamano
2016-05-05 20:14 ` Jeff King
2016-05-05 23:33 ` Junio C Hamano
2016-05-06 0:23 ` Stefan Beller
2016-05-06 1:00 ` Jeff King
2016-05-06 19:56 ` Junio C Hamano
2016-05-09 6:18 ` [PATCH v7 0/3] Add support for sending additional HTTP headers (part 2) Johannes Schindelin
2016-05-09 6:18 ` [PATCH v7 1/3] tests: Adjust the configuration for Apache 2.2 Johannes Schindelin
2016-05-09 8:03 ` Jeff King
2016-05-09 14:03 ` Johannes Schindelin
2016-05-09 14:27 ` Jeff King
2016-05-09 15:11 ` Johannes Schindelin
2016-05-09 16:42 ` Junio C Hamano
2016-05-09 16:51 ` Jeff King
2016-05-09 17:41 ` Junio C Hamano
2016-05-10 6:53 ` Johannes Schindelin
2016-05-10 7:13 ` Junio C Hamano
2016-05-09 16:23 ` Junio C Hamano
2016-05-10 6:37 ` Lars Schneider
2016-05-10 7:14 ` Junio C Hamano
2016-05-09 6:19 ` [PATCH v7 2/3] t5551: make the test for extra HTTP headers more robust Johannes Schindelin
2016-05-09 7:56 ` Lars Schneider
2016-05-09 8:05 ` Jeff King
2016-05-09 8:13 ` Johannes Schindelin
2016-05-09 8:20 ` Jeff King
2016-05-09 6:19 ` [PATCH v7 3/3] submodule: pass on http.extraheader config settings Johannes Schindelin
2016-05-10 7:08 ` [PATCH v8 0/3] Add support for sending additional HTTP headers (part 2) Johannes Schindelin
2016-05-10 7:08 ` [PATCH v8 1/3] tests: adjust the configuration for Apache 2.2 Johannes Schindelin
2016-05-10 17:31 ` Junio C Hamano
2016-05-10 7:08 ` [PATCH v8 2/3] t5551: make the test for extra HTTP headers more robust Johannes Schindelin
2016-05-10 17:34 ` Junio C Hamano
2016-05-11 17:13 ` t5551 hangs ? Torsten Bögershausen
2016-05-11 17:31 ` Jeff King
2016-05-11 20:03 ` Torsten Bögershausen
2016-05-12 3:16 ` Jeff King
2016-05-12 6:21 ` Torsten Bögershausen
2016-05-12 6:40 ` Jeff King
2016-05-12 7:29 ` Jeff King
2016-05-10 7:08 ` [PATCH v8 3/3] submodule: ensure that -c http.extraheader is heeded Johannes Schindelin
2016-05-10 17:38 ` Junio C Hamano
2016-05-11 6:57 ` Johannes Schindelin
[not found] ` <34DE0A16-F0B2-4379-8E02-5235D34FDD76@gmail.com>
2016-05-16 13:35 ` mail-patch-series.sh, was Re: [PATCH v7 0/3] Add support for sending additional HTTP headers (part 2) Johannes Schindelin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1604291417580.9313@virtualbox \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jacob.keller@gmail.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).