From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: "Michael Strawbridge" <michael.strawbridge@amd.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Todd Zullinger" <tmz@pobox.com>,
"Luben Tuikov" <luben.tuikov@amd.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Taylor Blau" <me@ttaylorr.com>,
"Git Mailing List" <git@vger.kernel.org>
Subject: Re: [PATCH] send-email: move process_address_list earlier to avoid, uninitialized address error
Date: Wed, 11 Oct 2023 15:37:39 -0700 [thread overview]
Message-ID: <xmqqzg0oiy4s.fsf@gitster.g> (raw)
In-Reply-To: <20231011221844.GB518221@coredump.intra.peff.net> (Jeff King's message of "Wed, 11 Oct 2023 18:18:44 -0400")
Jeff King <peff@peff.net> writes:
> Which of course implies that we're not (and cannot) validate what
> they're typing at this step, but I think that's OK because we feed it
> through extract_valid_address_or_die().
OK, let's queue it then.
> IOW, I think there are actually two distinct validation steps
> hidden here:
>
> 1. We want to validate that the patch files we were fed are OK.
>
> 2. We want to validate that the addresses, etc, fed by the user are
> OK.
>
> And after Michael's original patch, we are accidentally hitting some of
> that validation code for (2) while doing (1).
> This is actually a weird split if you think about it. We are feeding to
> the validate hook in (1), so surely it would want to see the full set of
> inputs from the user, too? Which argues for pushing the "if ($validate)"
> down as you suggest. And then either:
>
> a. We accept that the user experience is a little worse if validation
> fails after the user typed.
>
> b. We split (1) into "early" validation that just checks if the files
> are OK, but doesn't call the hook. And then later on we do the full
> validation.
>
> I don't have a strong opinion myself (I don't even use send-email
> myself, and if I did, I'd probably mostly be feeding it with "--to" etc
> on the command line, rather than interactively).
I am not affected, either, and do not have a strong opinion either
way. As long as the end-user input is validated separately, it
would be OK, but if the end-user supplied validation hook cares
about what addresses the messages are going to be sent to, not
knowing the set of recipients mean the validation hook is not
getting the whole picture, which does smell bad.
On the other hand, I am not sure what is wrong with "after the user
typed", actually. As you said, anybody sane would be using --to (or
an equivalent configuration variable in the repository) to send
their patches to the project address instead of typing, and to them
it is not a problem. After getting the recipient address from the
end user, the validation may fail due to a wrong address, in which
case it is a good thing. If the validation failed due to wrong
contents of the patch (perhaps it included a change to the file with
trade secret that appeared in the context lines), as long as the
reason why the validation hook rejected the patches is clear enough
(e.g., "it's the patches, not the recipients"), such "a rejection
after typing" would be only once per a patch series, so it does not
sound too bad, either.
But perhaps I am not seeing the reason why "fail after the user typed"
is so disliked and being unnecessarily unsympathetic. I dunno.
next prev parent reply other threads:[~2023-10-11 22:38 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-22 9:27 [REGRESSION] uninitialized value $address in git send-email when given multiple recipients separated by commas Bagas Sanjaya
2023-09-24 3:36 ` Jeff King
2023-09-25 7:45 ` Bagas Sanjaya
2023-09-25 8:00 ` Jeff King
2023-09-25 14:48 ` Todd Zullinger
2023-09-25 16:17 ` Jeff King
2023-10-11 13:41 ` Bagas Sanjaya
2023-10-11 19:27 ` Michael Strawbridge
2023-10-11 20:22 ` [PATCH] send-email: move process_address_list earlier to avoid, uninitialized address error Michael Strawbridge
2023-10-11 20:25 ` Michael Strawbridge
2023-10-11 21:27 ` Junio C Hamano
2023-10-11 22:18 ` Jeff King
2023-10-11 22:37 ` Junio C Hamano [this message]
2023-10-11 22:47 ` Jeff King
2023-10-13 20:25 ` Michael Strawbridge
2023-10-20 6:45 ` Jeff King
2023-10-20 7:14 ` Jeff King
2023-10-20 10:03 ` [PATCH 0/3] some send-email --compose fixes Jeff King
2023-10-20 10:09 ` [PATCH 1/3] doc/send-email: mention handling of "reply-to" with --compose Jeff King
2023-10-20 10:13 ` [PATCH 2/3] Revert "send-email: extract email-parsing code into a subroutine" Jeff King
2023-10-20 10:45 ` Oswald Buddenhagen
2023-10-23 18:40 ` Jeff King
2023-10-23 19:50 ` Oswald Buddenhagen
2023-10-25 6:11 ` Jeff King
2023-10-25 9:23 ` Oswald Buddenhagen
2023-10-27 22:31 ` Junio C Hamano
2023-10-30 9:13 ` Jeff King
2023-10-20 21:45 ` Junio C Hamano
2023-10-23 18:47 ` Jeff King
2023-10-20 10:15 ` [PATCH 3/3] send-email: handle to/cc/bcc from --compose message Jeff King
2023-10-20 17:30 ` Eric Sunshine
2023-10-20 21:42 ` [PATCH 0/3] some send-email --compose fixes Junio C Hamano
2023-10-23 18:51 ` Jeff King
2023-10-24 20:12 ` Michael Strawbridge
2023-10-24 20:19 ` [PATCH] send-email: move validation code below process_address_list Michael Strawbridge
2023-10-24 21:55 ` Junio C Hamano
2023-10-24 22:03 ` Junio C Hamano
2023-10-25 18:48 ` Michael Strawbridge
2023-10-25 18:51 ` [PATCH v2] " Michael Strawbridge
2023-10-26 12:44 ` Junio C Hamano
2023-10-26 13:11 ` Michael Strawbridge
2023-10-25 6:50 ` [PATCH] " Jeff King
2023-10-25 18:47 ` Michael Strawbridge
2023-10-25 7:43 ` Uwe Kleine-König
2023-10-27 13:04 ` Junio C Hamano
2023-10-20 2:50 ` [PATCH] send-email: move process_address_list earlier to avoid, uninitialized address error Bagas Sanjaya
2023-09-26 11:33 ` [REGRESSION] uninitialized value $address in git send-email when given multiple recipients separated by commas Bagas Sanjaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqzg0oiy4s.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=git@vger.kernel.org \
--cc=luben.tuikov@amd.com \
--cc=me@ttaylorr.com \
--cc=michael.strawbridge@amd.com \
--cc=peff@peff.net \
--cc=tmz@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).