On Fri, Sep 25, 2009 at 5:59 PM, Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx> wrote: > Sitaram Chamarty <sitaramc@xxxxxxxxx> writes: > >> yes indeed -- if someone were to foolishly merge a "secret" branch >> into a "normal" branch, so that it is now reachable from a "normal" >> branch, that's his problem -- that cannot be within the scope of this >> check. > > Merging is not the only scenario. Adding a tag could make secret > things become visible too. I'm not saying the approach isn't viable, > but if it gets implemented, it should be done with care to make sure > there's no easy mis-use that would lead to reveal a secret (typically, > I'd do that with a whitelist and not a black-list, so that new > references are secret by default). A whitelist may be better, but I'd be quite happy with a blacklist, if that's easier to implement, and take on myself/my team the onus of ensuring that code remains unreachable from any of the non-blacklisted tags. In other words, I don't expect this to be idiot-proof and I'll take what I can get and work with it :-) -- Sitaram -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html