On Wed, Nov 02, 2016 at 07:05:39PM -0400, Jeff King wrote: > > +core.allowProtocol:: > > + Provide a colon-separated list of protocols which are allowed to be > > + used with fetch/push/clone. This is useful to restrict recursive > > + submodule initialization from an untrusted repository. Any protocol not > > + mentioned will be disallowed (i.e., this is a whitelist, not a > > + blacklist). If the variable is not set at all, all protocols are > > + enabled. If the `GIT_ALLOW_PROTOCOL` enviornment variable is set, it is > > + used as the protocol whitelist instead of this config option. > > The "not set at all, all protocols are enabled" bit is not quite > correct, is it? It is true for a top-level fetch, but not for submodule > recursion (and especially since you are talking about submodule > recursion immediately before, it is rather confusing). Heh, just saw that you copied this straight from the discussion of GIT_ALLOW_PROTOCOL. What idiot wrote the original? :) It might be worth fixing both places (or possibly just fixing the original and phrasing this one as "If GIT_ALLOW_PROTOCOL is not set, use this as the default value; see git(1) for details"). -Peff