Re: git log -p unexpected behaviour - security risk?


 



On 21 April 2013 08:26, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Simon Ruderich <simon@xxxxxxxxxxxx> writes:
>
>> diff --git a/Documentation/diff-options.txt b/Documentation/diff-options.txt
>> index 104579d..cd35ec7 100644
>> --- a/Documentation/diff-options.txt
>> +++ b/Documentation/diff-options.txt
>> @@ -24,6 +24,10 @@ ifndef::git-format-patch[]
>>  --patch::
>>       Generate patch (see section on generating patches).
>>       {git-diff? This is the default.}
>> +ifdef::git-log[]
>> +     Changes introduced in merge commits are not displayed. Use `-c`,
>> +     `--cc` or `-m` to include them.
>> +endif::git-log[]
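
Review bot: The sentence added inside the `ifdef::git-log[]` block, "Changes introduced in merge commits are not displayed", can be read as saying that merge commits are left out of the output altogether, when what is suppressed is only the patch for them. Suggest wording along the lines of "By default no patch is shown for merge commits". Since `-c`, `--cc` and `-m` are three separate options, it would also help to name the section that describes them rather than listing them as if they were interchangeable.
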
>
> It probably is a better change to drop "Use `-c`..." and refer to
> the "Diff formatting" section.
>
> And then add '-p' and the fact that by default it will not show
> pairwise diff for merge commits to the "Diff Formatting" section.
> That is where -c/--cc/-m are already described.

Why not have it in both places?  This is really important.

I'm concerned that no one is taking this security risk seriously.  Just
because it doesn't show up in certain workflows doesn't make the risk
go away.

What about all the people who use git internally?  They aren't using
GitHub and almost certainly aren't using a mail based system.

It's bad that we can't even set the right behaviour as a default.

John
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
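
The behaviour discussed in this thread can be checked in a throwaway repository. The script below is an added example, not part of the original messages or of the Git project: it records a merge that adds a line found in neither parent, then counts how often that line appears as an addition under `git log -p`, `-p --cc` and `-p -m`. The file names, the marker string and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo repo: the merge commit adds a line that exists in neither parent.
# File names, the marker string and the function names are made up for this example.

g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

build_demo_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" &&
        g init -q . &&
        printf 'line 1\n' > file.txt &&
        g add file.txt && g commit -q -m 'base' &&
        base=$(g symbolic-ref --short HEAD) &&
        g checkout -q -b topic &&
        printf 'topic\n' > topic.txt &&
        g add topic.txt && g commit -q -m 'topic work' &&
        g checkout -q "$base" &&
        printf 'main\n' > main.txt &&
        g add main.txt && g commit -q -m 'main work' &&
        # Stop before the merge is recorded, edit a file, then commit the merge.
        g merge -q --no-ff --no-commit topic &&
        printf 'ADDED-IN-MERGE\n' >> file.txt &&
        g add file.txt && g commit -q -m 'merge topic'
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$repo"
}

# Number of added lines carrying the marker in `git log <options>` output.
count_marker() {
    repo=$1; shift
    g -C "$repo" log "$@" | grep -c '^+.*ADDED-IN-MERGE' || true
}

demo=$(build_demo_repo) || exit 1
echo "log -p      : $(count_marker "$demo" -p)"
echo "log -p --cc : $(count_marker "$demo" -p --cc)"
echo "log -p -m   : $(count_marker "$demo" -p -m)"
rm -rf "$demo"
```

With `-m` the line is counted twice because the merge is diffed against each parent in turn; `-c` and `--cc` show it once in a combined diff.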



