On Wed, Oct 19, 2011 at 09:31:16PM -0700, Junio C Hamano wrote: > Jeff King <peff@xxxxxxxx> writes: > > > And nothing shows up in the body, because git truncates at the NUL we > > added: > > > > $ git show > > commit 31337a1093af2d97eb2e6c08b261c2946395fdd3 > > Author: Jeff King <peff@xxxxxxxx> > > Date: Wed Oct 19 15:34:00 2011 -0400 > > > > 10 > > > > diff --git a/file b/file > > But you cannot hide from "cat-file commit" ;-) Yes. The implementation is a horrible hack, second only in grossness to the original idea. :) > With the recent push to more (perceived) security, it may probably make > sense to teach "log" family commands to quote-show ^@ and what is behind > in their output by default, perhaps with an option to turn it off. Agreed. Having hidden cruft makes birthday collision attacks easier (or it will, if sha1 ever gets broken to that point). Unfortunately, there is a _ton_ of code which assumes that commit messages are NUL-terminated, as they always have been since e871b64 (2005-05-25). -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html