Jeff King wrote: > Git packfiles come from two places: > > 1. Local maintenance repacks loose and already-packed objects into a > new packfile. We trust the local repack process to generate a valid > packfile (though the contents of individual objects may be > untrusted, of course). I think we should reconsider such trust. If one user creates a malicious pack, if another user uses read-only git commands to access the repository (after inspecting .git/config to make sure it doesn't contain anything scary) the result should not be arbitrary code execution. Producing bogus output or aborting is okay; arbitrary code execution less so. Thanks, Jonathan -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html