Jeff King <peff@xxxxxxxx> writes: > I see it the opposite way. People are clearly using the "$ref:$path" > syntax. So why would we restrict them from doing so? There are no > security implications (i.e., they could always just grab $ref and > extract $path themselves). In my view, ee27ca4a was over-eager in its > restrictions because I wanted it to be simple and close the hole. Now we > can take our time adding more code to loosen it. Ok, so it is more like a partial revert of whatever we did. In that case, I'd take CMN's patch to limit the extent of the changes, as it more closely matches the spirit of the original ee27ca4 (archive: don't let remote clients get unreachable commits, 2011-11-17) that singled out and catered to the need of "archive" command alone. It is already part of the v1.7.8.1 release, so I would prefer a change to be stupid and simple. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html