On Wed, Jan 11, 2012 at 07:03:36PM -0800, Junio C Hamano wrote: > Jeff King <peff@xxxxxxxx> writes: > > > I see it the opposite way. People are clearly using the "$ref:$path" > > syntax. So why would we restrict them from doing so? There are no > > security implications (i.e., they could always just grab $ref and > > extract $path themselves). In my view, ee27ca4a was over-eager in its > > restrictions because I wanted it to be simple and close the hole. Now we > > can take our time adding more code to loosen it. > > Ok, so it is more like a partial revert of whatever we did. In that case, > I'd take CMN's patch to limit the extent of the changes, as it more > closely matches the spirit of the original ee27ca4 (archive: don't let > remote clients get unreachable commits, 2011-11-17) that singled out and > catered to the need of "archive" command alone. It is already part of the > v1.7.8.1 release, so I would prefer a change to be stupid and simple. For a maint release, I am OK with that. In the long term, I'd rather my patches go onto master (either for 1.7.9 or for later), as I think they are the right way to do it. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html