On Mon, Dec 05, 2016 at 12:04:52PM -0800, Junio C Hamano wrote: > > I'm sending out another reroll of this series so that in Jeff's he can > > just call 'get_curl_allowed_protocols(-1)' for the non-redirection curl > > option, which should make this test stop barfing. > > I was hoping to eventually merge Peff's series to older maintenance > tracks. How bad would it be if we rebased the v8 of this series > together with Peff's series to say v2.9 (or even older if it does > not look too bad)? My series actually fixes existing security problems, so I'd consider it a bug-fix. I _think_ Brandon's series is purely about allowing more expressiveness in the whitelist policy, and so could be considered more of a feature. So one option is to apply my series for older 'maint', and then just rebase Brandon's on top of that for 'master'. I don't know if that makes things any easier. I feel funny saying "no, no, mine preempts yours because it is more maint-worthy", but I think that order does make sense. I think it would be OK to put Brandon's on maint, too, though. It is a refactor of an existing security feature to make it more featureful, but the way it is implemented could not cause security regressions unless you use the new feature (IOW, we still respect the whitelist environment exactly as before). -Peff