On Thu, Jan 26, 2012 at 2:42 PM, Jeff King <peff@xxxxxxxx> wrote: > +Security Considerations > +~~~~~~~~~~~~~~~~~~~~~~~ > + > +Because git configuration may cause git to execute arbitrary shell > +commands, it is important to verify any configuration you receive over > +the network. In particular, it is not a good idea to point `include.ref` > +directly at a remote tracking branch like `origin/master:shared-config`. > +After a fetch, you have no way of inspecting the shared-config you have > +just received without running git (and thus respecting the downloaded > +config). Instead, you can create a local tag representing the last > +verified version of the config, and only update the tag after inspecting > +any new content. It may be a good idea to tell users the ref include.ref points to has been updated at the end of git-fetch. Showing a diff is even better. -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html