From: Emily Shaffer <emilyshaffer@google.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH v4 10/15] bugreport: add config values from safelist
Date: Thu, 23 Jan 2020 19:29:05 -0800 [thread overview]
Message-ID: <20200124032905.GA37541@google.com> (raw)
In-Reply-To: <xmqqfthij1ac.fsf@gitster-ct.c.googlers.com>
On Tue, Dec 17, 2019 at 09:43:23AM -0800, Junio C Hamano wrote:
> Emily Shaffer <emilyshaffer@google.com> writes:
>
> >> But that is too simple-minded. If we wanted to safelist foo.*.bar,
> >> where '*' can be anything, walking on the list of safe variables
> >> would not work. We must have a hash table that knows "foo.*.bar" is
> >> allowed, and while walking all the configuration keys, when we see
> >> foo.a.bar, we consult "foo.*.bar" as well as "foo.a.bar" to see if
> >> it is whitelisted, or something like that.
> >
> > ...unless we want to use wildcards like you suggest.
> >
> > But I'm not sure it's a good idea. I envision someone writing another
> > Git add-on, which offers someone to specify "user.password" ...
>
> Wildcarding the leaf level of two (or for that matter three) level
> names like "user.*" in your example is of course a nonsense way to
> use the safelist. But think about three-level names where the
> second level is designed to be used for user-supplied token to give
> things of similar nature a name the user can use to distinguish
> things. If remote.origin.url is worth reporting, wouldn't
> remote.upstream.url also be? Shouldn't remote.*.url be the way to
> say "the URL field for each and every remote is a safe thing to
> report" in the safelist?
Bah, somehow this mail slipped through the cracks for me.
When you put it that way, I see how it can be useful. Although I admit
to fatigue on this patchset and now I'm hesitant about feature creep. :)
I'm going to send the reroll for v5 as I have it, not having seen this
mail, and think more about how I'd approach wildcarding in the middle
like this. I want to take a look at the other configs which use a middle
level as a user token and try to reason about whether we ought to be
collecting them. I'll hope to report back sooner (or later).
- Emily
next prev parent reply other threads:[~2020-01-24 3:29 UTC|newest]
Thread overview: 273+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-13 0:42 [PATCH v4 00/15] add git-bugreport tool Emily Shaffer
2019-12-13 0:42 ` [PATCH v4 01/15] bugreport: add tool to generate debugging info Emily Shaffer
2019-12-13 0:42 ` [PATCH v4 02/15] help: move list_config_help to builtin/help Emily Shaffer
2019-12-13 20:51 ` Junio C Hamano
2019-12-16 21:36 ` Emily Shaffer
2019-12-16 22:19 ` Junio C Hamano
2019-12-16 22:34 ` Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 03/15] bugreport: gather git version and build info Emily Shaffer
2019-12-13 21:06 ` Junio C Hamano
2019-12-20 1:46 ` Emily Shaffer
2019-12-17 18:45 ` Johannes Schindelin
2019-12-17 20:34 ` Junio C Hamano
2019-12-20 1:25 ` Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 04/15] help: add shell-path to --build-options Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 05/15] bugreport: add uname info Emily Shaffer
2019-12-13 21:12 ` Junio C Hamano
2020-01-10 2:05 ` Aaron Schrab
2019-12-13 0:43 ` [PATCH v4 06/15] bugreport: add glibc version Emily Shaffer
2019-12-13 21:18 ` Junio C Hamano
2019-12-16 22:39 ` Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 07/15] bugreport: add curl version Emily Shaffer
2019-12-13 21:27 ` Junio C Hamano
2019-12-16 22:49 ` Emily Shaffer
2019-12-17 18:47 ` Johannes Schindelin
2019-12-13 0:43 ` [PATCH v4 08/15] bugreport: include user interactive shell Emily Shaffer
2019-12-13 21:38 ` Junio C Hamano
2019-12-13 0:43 ` [PATCH v4 09/15] bugreport: generate config safelist based on docs Emily Shaffer
2019-12-13 22:57 ` Junio C Hamano
2019-12-16 23:01 ` Emily Shaffer
2019-12-17 0:41 ` Emily Shaffer
2019-12-15 20:17 ` Johannes Schindelin
2019-12-16 22:52 ` Emily Shaffer
2019-12-17 18:38 ` Johannes Schindelin
2019-12-13 0:43 ` [PATCH v4 10/15] bugreport: add config values from safelist Emily Shaffer
2019-12-13 21:45 ` Junio C Hamano
2019-12-16 23:40 ` Emily Shaffer
2019-12-17 17:43 ` Junio C Hamano
2020-01-24 3:29 ` Emily Shaffer [this message]
2019-12-29 20:17 ` Johannes Schindelin
2019-12-13 0:43 ` [PATCH v4 11/15] bugreport: collect list of populated hooks Emily Shaffer
2019-12-13 21:47 ` Junio C Hamano
2019-12-16 23:51 ` Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 12/15] bugreport: count loose objects Emily Shaffer
2019-12-13 21:51 ` Junio C Hamano
2019-12-16 23:54 ` Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 13/15] bugreport: add packed object summary Emily Shaffer
2019-12-13 21:56 ` Junio C Hamano
2019-12-16 23:56 ` Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 14/15] bugreport: list contents of $OBJDIR/info Emily Shaffer
2019-12-13 0:43 ` [PATCH v4 15/15] bugreport: summarize contents of alternates file Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 00/15] add git-bugreport tool emilyshaffer
2020-01-24 3:34 ` [PATCH v5 01/15] bugreport: add tool to generate debugging info emilyshaffer
2020-01-30 22:18 ` Martin Ågren
2020-02-04 22:00 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 02/15] help: move list_config_help to builtin/help emilyshaffer
2020-01-30 22:19 ` Martin Ågren
2020-02-04 0:53 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 03/15] bugreport: gather git version and build info emilyshaffer
2020-01-30 22:19 ` Martin Ågren
2020-02-04 22:21 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 04/15] help: add shell-path to --build-options emilyshaffer
2020-01-30 22:21 ` Martin Ågren
2020-01-24 3:34 ` [PATCH v5 05/15] bugreport: add uname info emilyshaffer
2020-01-24 3:34 ` [PATCH v5 06/15] bugreport: add compiler info emilyshaffer
2020-01-30 22:21 ` Martin Ågren
2020-02-04 22:51 ` Emily Shaffer
2020-02-05 19:47 ` Martin Ågren
2020-01-24 3:34 ` [PATCH v5 07/15] bugreport: add curl version emilyshaffer
2020-01-30 22:27 ` Martin Ågren
2020-02-04 22:54 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 08/15] bugreport: include user interactive shell emilyshaffer
2020-01-30 22:28 ` Martin Ågren
2020-02-04 23:16 ` Emily Shaffer
2020-02-05 20:06 ` Junio C Hamano
2020-02-05 20:14 ` Martin Ågren
2020-01-24 3:34 ` [PATCH v5 09/15] bugreport: generate config safelist based on docs emilyshaffer
2020-01-30 22:34 ` Martin Ågren
2020-02-05 0:44 ` Emily Shaffer
2020-02-05 19:53 ` Martin Ågren
2020-01-31 21:20 ` Martin Ågren
2020-02-05 0:30 ` Emily Shaffer
2020-02-05 0:52 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 10/15] bugreport: add config values from safelist emilyshaffer
2020-01-30 22:36 ` Martin Ågren
2020-02-05 1:34 ` Emily Shaffer
2020-01-31 21:25 ` Martin Ågren
2020-02-05 2:31 ` Emily Shaffer
2020-02-05 20:12 ` Martin Ågren
2020-01-24 3:34 ` [PATCH v5 11/15] bugreport: collect list of populated hooks emilyshaffer
2020-02-04 18:44 ` Junio C Hamano
2020-02-05 2:48 ` Emily Shaffer
2020-02-05 3:00 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 12/15] bugreport: count loose objects emilyshaffer
2020-02-04 18:48 ` Junio C Hamano
2020-02-05 2:50 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 13/15] bugreport: add packed object summary emilyshaffer
2020-02-04 19:00 ` Junio C Hamano
2020-02-05 3:15 ` Emily Shaffer
2020-02-04 19:03 ` Junio C Hamano
2020-02-05 3:09 ` Emily Shaffer
2020-01-24 3:34 ` [PATCH v5 14/15] bugreport: list contents of $OBJDIR/info emilyshaffer
2020-01-24 3:34 ` [PATCH v5 15/15] bugreport: summarize contents of alternates file emilyshaffer
2020-01-24 3:38 ` [PATCH v5 00/15] add git-bugreport tool Emily Shaffer
2020-01-28 23:04 ` Jonathan Tan
2020-01-28 23:26 ` Emily Shaffer
2020-01-30 22:15 ` Martin Ågren
2020-02-04 0:07 ` Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 " Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 01/15] help: move list_config_help to builtin/help Emily Shaffer
2020-02-06 1:35 ` Danh Doan
2020-02-13 22:58 ` Emily Shaffer
2020-02-13 23:07 ` Eric Sunshine
2020-02-13 23:24 ` Junio C Hamano
2020-02-13 23:29 ` Eric Sunshine
2020-02-14 1:20 ` Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 02/15] help: add shell-path to --build-options Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 03/15] bugreport: add tool to generate debugging info Emily Shaffer
2020-02-07 14:18 ` SZEDER Gábor
2020-02-07 18:51 ` Junio C Hamano
2020-02-11 22:40 ` Emily Shaffer
2020-02-07 14:54 ` SZEDER Gábor
2020-02-12 18:06 ` Junio C Hamano
2020-02-12 22:36 ` Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 04/15] bugreport: gather git version and build info Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 05/15] bugreport: add uname info Emily Shaffer
2020-02-06 0:40 ` [PATCH v6 06/15] bugreport: add compiler info Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 07/15] bugreport: add git-remote-https version Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 08/15] bugreport: include user interactive shell Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 09/15] bugreport: generate config safelist based on docs Emily Shaffer
2020-02-07 15:30 ` SZEDER Gábor
2020-02-13 23:14 ` Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 10/15] bugreport: add config values from safelist Emily Shaffer
2020-02-07 14:47 ` SZEDER Gábor
2020-02-07 15:08 ` SZEDER Gábor
2020-02-07 16:24 ` Eric Sunshine
2020-02-07 16:51 ` Andreas Schwab
2020-02-13 22:02 ` Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 11/15] bugreport: collect list of populated hooks Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 12/15] bugreport: count loose objects Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 13/15] bugreport: add packed object summary Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 14/15] bugreport: list contents of $OBJDIR/info Emily Shaffer
2020-02-06 0:41 ` [PATCH v6 15/15] bugreport: summarize contents of alternates file Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 00/15] add git-bugreport tool Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 01/15] help: move list_config_help to builtin/help Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 02/15] help: add shell-path to --build-options Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 03/15] bugreport: add tool to generate debugging info Emily Shaffer
2020-02-14 17:25 ` Junio C Hamano
2020-02-15 1:57 ` Emily Shaffer
2020-02-15 18:24 ` Junio C Hamano
2020-02-18 23:46 ` Emily Shaffer
2020-02-18 23:56 ` Emily Shaffer
2020-02-19 23:15 ` Emily Shaffer
2020-02-19 23:24 ` Junio C Hamano
2020-02-19 14:18 ` Johannes Schindelin
2020-02-19 16:55 ` Junio C Hamano
2020-02-19 21:52 ` Emily Shaffer
2020-02-19 22:09 ` Junio C Hamano
2020-02-19 23:06 ` Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 04/15] bugreport: gather git version and build info Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 05/15] bugreport: add uname info Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 06/15] bugreport: add compiler info Emily Shaffer
2020-02-19 14:23 ` Johannes Schindelin
2020-02-19 22:45 ` Emily Shaffer
2020-02-20 22:33 ` Johannes Schindelin
2020-02-20 23:33 ` Emily Shaffer
2020-02-21 15:22 ` Johannes Schindelin
2020-02-22 0:04 ` Emily Shaffer
2020-02-24 2:55 ` Junio C Hamano
2020-02-14 1:53 ` [PATCH v7 07/15] bugreport: add git-remote-https version Emily Shaffer
2020-02-19 14:28 ` Johannes Schindelin
2020-02-19 22:28 ` Emily Shaffer
2020-02-19 22:33 ` Junio C Hamano
2020-02-20 22:33 ` Johannes Schindelin
2020-02-14 1:53 ` [PATCH v7 08/15] bugreport: include user interactive shell Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 09/15] bugreport: generate config safelist based on docs Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 10/15] bugreport: add config values from safelist Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 11/15] bugreport: collect list of populated hooks Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 12/15] bugreport: count loose objects Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 13/15] bugreport: add packed object summary Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 14/15] bugreport: list contents of $OBJDIR/info Emily Shaffer
2020-02-14 17:04 ` Junio C Hamano
2020-02-18 23:59 ` Emily Shaffer
2020-02-14 1:53 ` [PATCH v7 15/15] bugreport: summarize contents of alternates file Emily Shaffer
2020-02-14 17:32 ` [PATCH v7 00/15] add git-bugreport tool Junio C Hamano
2020-02-14 22:00 ` Emily Shaffer
2020-02-14 22:30 ` Junio C Hamano
2020-02-20 1:58 ` [PATCH v8 " Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 01/15] help: move list_config_help to builtin/help Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 02/15] help: add shell-path to --build-options Emily Shaffer
2020-02-20 19:03 ` Junio C Hamano
2020-02-20 21:15 ` Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 03/15] bugreport: add tool to generate debugging info Emily Shaffer
2020-02-20 19:33 ` Junio C Hamano
2020-02-20 22:33 ` Emily Shaffer
2020-02-26 16:12 ` Johannes Schindelin
2020-02-20 1:58 ` [PATCH v8 04/15] bugreport: gather git version and build info Emily Shaffer
2020-02-20 20:07 ` Junio C Hamano
2020-02-20 23:03 ` Emily Shaffer
2020-02-20 23:18 ` Junio C Hamano
2020-02-20 1:58 ` [PATCH v8 05/15] bugreport: add uname info Emily Shaffer
2020-02-20 20:12 ` Junio C Hamano
2020-02-20 23:20 ` Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 06/15] bugreport: add compiler info Emily Shaffer
2020-02-20 2:49 ` Danh Doan
2020-02-20 23:23 ` Emily Shaffer
2020-02-20 20:23 ` Junio C Hamano
2020-02-21 0:26 ` Junio C Hamano
2020-02-20 1:58 ` [PATCH v8 07/15] bugreport: add git-remote-https version Emily Shaffer
2020-02-20 20:35 ` Junio C Hamano
2020-02-20 23:28 ` Emily Shaffer
2020-02-21 3:44 ` Junio C Hamano
2020-02-25 22:08 ` Emily Shaffer
2020-02-25 22:26 ` Junio C Hamano
2020-02-25 23:29 ` Emily Shaffer
2020-02-25 23:29 ` Junio C Hamano
2020-02-25 23:55 ` Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 08/15] bugreport: include user interactive shell Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 09/15] bugreport: generate config safelist based on docs Emily Shaffer
2020-02-20 20:40 ` Junio C Hamano
2020-02-26 16:13 ` Johannes Schindelin
2020-02-26 16:49 ` Junio C Hamano
2020-02-20 1:58 ` [PATCH v8 10/15] bugreport: add config values from safelist Emily Shaffer
2020-02-20 20:47 ` Junio C Hamano
2020-02-20 1:58 ` [PATCH v8 11/15] bugreport: collect list of populated hooks Emily Shaffer
2020-02-20 20:58 ` Junio C Hamano
2020-02-25 23:19 ` Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 12/15] bugreport: count loose objects Emily Shaffer
2020-02-20 21:04 ` Junio C Hamano
2020-02-25 23:22 ` Emily Shaffer
2020-02-25 23:26 ` Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 13/15] bugreport: add packed object summary Emily Shaffer
2020-02-20 22:04 ` Junio C Hamano
2020-02-25 23:58 ` Emily Shaffer
2020-02-20 1:58 ` [PATCH v8 14/15] bugreport: list contents of $OBJDIR/info Emily Shaffer
2020-02-20 22:18 ` Junio C Hamano
2020-02-20 1:58 ` [PATCH v8 15/15] bugreport: summarize contents of alternates file Emily Shaffer
2020-02-20 14:08 ` Johannes Schindelin
2020-02-20 22:22 ` Junio C Hamano
2020-03-02 23:03 ` [PATCH v9 0/5] add git-bugreport tool Emily Shaffer
2020-03-02 23:03 ` [PATCH v9 1/5] help: move list_config_help to builtin/help Emily Shaffer
2020-03-02 23:03 ` [PATCH v9 2/5] bugreport: add tool to generate debugging info Emily Shaffer
2020-03-03 14:18 ` Johannes Schindelin
2020-03-04 21:35 ` Johannes Schindelin
2020-03-05 23:34 ` Jeff Hostetler
2020-03-06 13:57 ` Johannes Schindelin
2020-03-06 18:25 ` Junio C Hamano
2020-03-06 18:08 ` Junio C Hamano
2020-03-06 18:58 ` Jeff Hostetler
2020-03-08 22:24 ` Johannes Schindelin
2020-03-09 14:59 ` Junio C Hamano
2020-03-09 19:17 ` Johannes Schindelin
2020-03-09 19:47 ` Junio C Hamano
2020-03-10 11:42 ` Johannes Schindelin
2020-03-10 18:37 ` Junio C Hamano
2020-03-10 22:08 ` Johannes Schindelin
2020-03-19 21:39 ` Emily Shaffer
2020-03-20 0:28 ` Junio C Hamano
2020-03-20 15:35 ` Johannes Schindelin
2020-03-23 18:52 ` Emily Shaffer
2020-03-20 15:42 ` Johannes Schindelin
2020-03-23 18:50 ` Emily Shaffer
2020-03-20 17:43 ` Junio C Hamano
2020-03-20 22:38 ` Johannes Schindelin
2020-03-20 22:47 ` Junio C Hamano
2020-03-21 10:53 ` Johannes Schindelin
2020-03-02 23:03 ` [PATCH v9 3/5] bugreport: gather git version and build info Emily Shaffer
2020-03-23 21:20 ` Junio C Hamano
2020-03-02 23:03 ` [PATCH v9 4/5] bugreport: add uname info Emily Shaffer
2020-03-02 23:04 ` [PATCH v9 5/5] bugreport: add compiler info Emily Shaffer
2020-03-03 11:46 ` Danh Doan
2020-03-03 14:07 ` Junio C Hamano
2020-03-04 21:39 ` Johannes Schindelin
2020-03-23 21:27 ` Emily Shaffer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200124032905.GA37541@google.com \
--to=emilyshaffer@google.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).