On Wed, Dec 19, 2012 at 08:13:21AM +0100, Johannes Sixt wrote: > Am 12/18/2012 17:24, schrieb Jeff King: > > I am not really interested in pushing this forward myself, but I worked > > up this toy that somebody might find interesting (you can "git replace > > HEAD~20" to get dumped in an editor). It should probably handle trees, > > and it would probably make sense to do per-object-type sanity checks > > (e.g., call verify_tag on tags). > > I know it's just a throw-away patch, but I would discourage to go this > route without also adding all the sanity checks. Otherwise, it will have > just created a porcelain command that can generate a commit object with > any content you want! I think I agree with you that it would not be worth doing without sanity checks. I am not sure if your "any content you want" statement means "bad people can easily make bogus objects" or "it is too easy to make arbitrary mistakes, putting your repo in a bogus state". I would agree that the latter is compelling, but not the former. You can already easily generate a commit with any content you want via "hash-object -t commit", and I have frequently done this while testing corner cases of fsck, how git behaves when given buggy data, etc. So to me it is not about preventing intentional abuse, but about not promoting a feature that makes it too easy to screw up. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html