On Fri, Oct 14, 2011 at 01:24:07PM -0700, Junio C Hamano wrote: > > Git is foremost an open system, and our defaults should > > reflect that. > [...] > > I think the logic in the last paragraph is flawed. > > There is a difference between Git being an open system, and installations > and users of Git being primarily people who work on open projects. > > Even though personally I wish there weren't. I think it is not the logic that is flawed, but the communication. What I meant was that git was originally designed to support open projects (like the kernel), and they are our primary target. Ingo said something similar here: http://article.gmane.org/gmane.linux.kernel/1202320 Still, primary target and primary user are not necessarily the same thing. And a minor convenience for one audience that introduces a security problem for another audience may not be a good tradeoff, no matter who the audiences are. I didn't really expect you to take my second patch. We tend to be a bit more conservative than that around here. > > But since it is a potential security issue, it does seem kind of mean to > > closed sites to just flip the switch on them. > > It would have been a better split to have the 1/2 patch to support both > informative and uninformative errors, with the default to say "access > denied", and 2/2 to flip the default to be more open. Isn't that what I did? It was what I meant to do, anyway... Or did you mean the options would have been better worded as: --errors={terse,informative} or something similar? -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html