On Tue, Apr 30, 2013 at 1:05 PM, Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx> wrote: > Junio C Hamano <gitster@xxxxxxxxx> writes: > >> By the way, these options are _not_ about "showing merge commits >> that introduce code", and they do not help your kind of "security". >> As I repeatedly said, you would need "-p -m" for that. > > Actually, while defaulting to --cc may be convenient, it would indeed > increase the security risk: currently, "git log -p" shows nothing for > merges, so it's rather clear that _everything_ is omitted. With --cc, > the user would see a diff, and could hardly guess that not everything is > shown without reading the doc very carefully. I don't believe it's that clear. I bet people assume there's nothing to show, and unless you dig in and discover that `-p` doesn't include merges. In git 1.8.2, `git help log` doesn't seem to make any mention of `-p` not showing a diff for merges. Just to see, I asked several people around here whether they knew `-p` didn't show diffs for merges, and they were all surprised that diffs were being omitted for merge commits. -John -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html