From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=AWL,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_PASS, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by dcvr.yhbt.net (Postfix) with ESMTP id 283771F66E for ; Wed, 19 Aug 2020 19:16:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726732AbgHSTQf (ORCPT ); Wed, 19 Aug 2020 15:16:35 -0400 Received: from elephants.elehost.com ([216.66.27.132]:13243 "EHLO elephants.elehost.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726603AbgHSTQe (ORCPT ); Wed, 19 Aug 2020 15:16:34 -0400 X-Virus-Scanned: amavisd-new at elehost.com Received: from gnash (CPE00fc8d49d843-CM00fc8d49d840.cpe.net.cable.rogers.com [173.32.57.223]) (authenticated bits=0) by elephants.elehost.com (8.15.2/8.15.2) with ESMTPSA id 07JJGPoY030692 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 19 Aug 2020 15:16:25 -0400 (EDT) (envelope-from rsbecker@nexbridge.com) From: "Randall S. Becker" To: "'Lukas Straub'" , "'Junio C Hamano'" Cc: "'git'" , "'Elijah Newren'" , "'Brandon Williams'" , "'Johannes Schindelin'" , "'Jeff King'" References: <20200819204750.6ce87f7c@luklap> In-Reply-To: <20200819204750.6ce87f7c@luklap> Subject: RE: [RFC PATCH 0/2] Allow adding .git files and directories Date: Wed, 19 Aug 2020 15:16:19 -0400 Message-ID: <04bb01d6765d$3bb67e20$b3237a60$@nexbridge.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQJUwsi1t0kYcCu+MG1WzKjrMbhjgQKo5EueAh/vIPSoHOz9cA== Content-Language: en-ca Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org On August 19, 2020 2:48 PM, Lukas Straub wrote: > To: Junio C Hamano > Cc: git ; Elijah Newren ; > Brandon Williams ; Johannes Schindelin > ; Jeff King > Subject: Re: [RFC PATCH 0/2] Allow adding .git files and directories > > On Wed, 19 Aug 2020 11:03:30 -0700 > Junio C Hamano wrote: > > > Lukas Straub writes: > > > > > These patches allow this and work well in a quick test. Of course > > > some tests fail because with this the handling of nested git repos > changed. > > > > In other words, this breaks the workflow existing users rely on, > > right? I do not know if such a behaviour ever needs to exist even as > > an opt-in feature, but it definitely feels wrong to make the behaviour > > these patches introduce the default. > > Well, the current behavior is that nested repos (that are not submodules) are > completely ignored and none of the files within can be added. So the old > behavior can be restored with .gitignore. The same goes for files/dirs named > .git. > > Of course I don't know what the current policy for behavioral changes in git > is, but I see that there have been such changes in the past. I honestly am concerned about a repeat of things like https://nvd.nist.gov/vuln/detail/CVE-2019-19604 (the submodule update problem). This change in behaviour is of serious concern from a risk standpoint. To be blunt, I don't think users on my platform will move to a version of git that supports this by default. Sincerely, Randall -- Brief whoami: NonStop developer since approximately 211288444200000000 UNIX developer since approximately 421664400 -- In my real life, I talk too much.