On 10/19/2011 11:49 PM, Junio C Hamano wrote: > mhagger@xxxxxxxxxxxx writes: >> I'm still not clear on how extra_refs are used. Are they generated >> from local refs or are they generated from remote refs? If the >> latter, then it is probably irresponsible not to do *some* sanity >> checking in add_extra_ref() to prevent any chance of refnames like >> "../../../etc/passwd". > > No, add_extra_ref() already tells us what their values are, these are > never used to actually read from filesystem. Their refname field has > almost no value other than for debugging and we probably shouldn't even > insist on uniqueness among extra refs or for that matter collision with > the real refs. [...] Thanks for the explanation. I'm inspired to separate them a little bit more from "real" refs because they are such a special case. For example, maybe it would make sense to add a function for_each_extra_ref() to avoid having to mix them with real refs in the iteration. OTOH not important AFAICS. Michael -- Michael Haggerty mhagger@xxxxxxxxxxxx http://softwareswirl.blogspot.com/ -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html