git.vger.kernel.org archive mirror
From: Junio C Hamano <gitster@pobox.com>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>, git@vger.kernel.org
Subject: Re: RFE: version-controlled merge rules
Date: Fri, 28 Dec 2018 06:35:23 -0800
Message-ID: <xmqqo995pvmc.fsf@gitster-ct.c.googlers.com>
In-Reply-To: <20181227235526.GF146609@google.com> (Jonathan Nieder's message of "Thu, 27 Dec 2018 15:55:26 -0800")

Jonathan Nieder <jrnieder@gmail.com> writes:

> The main issue I see is that this would make it a little *too* easy to
> run arbitrary code on the user's machine.  Build systems often already
> lead to that, but users are more familiar with the risks for build
> than for version control.
>
> See [1] for some related discussion.
>
> That said, using the include.path feature (see git-config(1)), it's
> possible to do something similar:
>
> 	[include]
> 		path = ../.gitconfig
>
> Thanks and hope that helps,

The issue the arrangement to specify what kind of files they are in
the attribute system and to specify what exact commands are to be run in
the configuration addresses is twofold.  The security issue is one,
and poking a hole with the include.path mechanism is probably OK as
there is end-user consent, but I tend to agree that a similar risk
already exists by a project shipping Makefile et al.

There is the other side of the issue.

The arrangement allows a project not to be a monoculture by leaving the
exact command sequence to use on the kind of files (specified by the
project with the attribute system) up to the end-user in their
configuration.  While Peter may feel that sort piped to head may be
available on all the reasonable UNIX systems, his merge driver would
not work on other platforms.  There already is a similar reliance on
monoculture by a project shipping Makefile et al, which is an
interesting parallel.
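
Added example, not part of the original message or of git itself: a review aid for the "end-user consent" step, listing which entries of a tree-shipped config file would run a command once it is pulled in through include.path. The key list, the simplified config reader and the sample file are assumptions constructed for this illustration.

```python
import re

# Keys whose value git runs as a command or uses to locate code to run.
# Non-exhaustive list chosen for this example.
EXEC_KEYS = re.compile(
    r"^(merge\..+\.driver"
    r"|filter\..+\.(clean|smudge|process)"
    r"|diff\..+\.(textconv|command)"
    r"|diff\.external"
    r"|core\.(pager|editor|sshcommand|fsmonitor|hookspath)"
    r"|credential\.(.+\.)?helper"
    r"|include(if\..+)?\.path)$"  # chains to yet another file
)
SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"(.*)")?\s*\]$')
ENTRY = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$")

# Constructed sample of a config file shipped inside a work tree.
SAMPLE = """\
[merge "sorted"]
    name = union merge of sorted lists
    driver = cat %A %B | sort -u | head -n 1000 > %A.new && mv %A.new %A
[core]
    whitespace = trailing-space
[alias]
    st = status
    up = !git fetch && git rebase
"""


def parse(text):
    """Yield (key, value); simplified reader, not git's full parser
    (no continuation lines, escapes, quoting or inline comments)."""
    section = None
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            sub = m.group(2)  # subsection keeps its case, section does not
            section = m.group(1).lower() + (f".{sub}" if sub is not None else "")
        elif section and (m := ENTRY.match(line)):
            yield f"{section}.{m.group(1).lower()}", m.group(2)


def audit(text):
    """Return entries of a tree-shipped config that would run a command."""
    return [(k, v) for k, v in parse(text)
            if EXEC_KEYS.match(k) or (k.startswith("alias.") and v.startswith("!"))]
```

An empty result from `audit()` only means none of the listed keys appear; a file that needs continuation lines or quoted values should be read with git's own parser instead.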
