On 12/06, Jeff King wrote: > On Mon, Dec 05, 2016 at 12:04:52PM -0800, Junio C Hamano wrote: > > > > I'm sending out another reroll of this series so that in Jeff's he can > > > just call 'get_curl_allowed_protocols(-1)' for the non-redirection curl > > > option, which should make this test stop barfing. > > > > I was hoping to eventually merge Peff's series to older maintenance > > tracks. How bad would it be if we rebased the v8 of this series > > together with Peff's series to say v2.9 (or even older if it does > > not look too bad)? > > My series actually fixes existing security problems, so I'd consider it > a bug-fix. I _think_ Brandon's series is purely about allowing more > expressiveness in the whitelist policy, and so could be considered more > of a feature. Yes this was really the main intent on my series. > So one option is to apply my series for older 'maint', and then just > rebase Brandon's on top of that for 'master'. > > I don't know if that makes things any easier. I feel funny saying "no, > no, mine preempts yours because it is more maint-worthy", but I think > that order does make sense. > > I think it would be OK to put Brandon's on maint, too, though. It is a > refactor of an existing security feature to make it more featureful, but > the way it is implemented could not cause security regressions unless > you use the new feature (IOW, we still respect the whitelist environment > exactly as before). Either way let me know if there is something I need to do. -- Brandon Williams