On 09/26/2011 06:09 AM, Junio C Hamano wrote: > Michael Haggerty <mhagger@xxxxxxxxxxxx> writes: > >> On 09/24/2011 08:15 AM, Jeff King wrote: >> For most software projects, the user does >> >> git pull >> make >> >> daily. There is nothing that a nasty .gitconfig can do that can't be >> done more easily by a nasty Makefile (or anything else in the build >> process). The moment I pull from Junio's repository and run a build >> without having personally done a full code review first, I've given >> Junio complete pownership of my account. > > I suspect that argument is somewhat leaky. > > Will I be the _only_ one you will be pulling from? What if I were not so > careful and relay a contaminated in-tree configuration file (which I would > never use myself) to trusting downstream users like you? I'm not saying that trusting in-tree configuration files makes sense for everybody, and in the open-source world one must be very careful about doing so. But I think that among closely-cooperating groups (e.g., personal projects, many projects in industry) (1) we don't pull from outside the group and (2) we are forced to trust each other pretty completely anyway. So I think that there are many sane use-cases for giving users the opportunity to "bless" an in-tree config. Michael -- Michael Haggerty mhagger@xxxxxxxxxxxx http://softwareswirl.blogspot.com/ -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html