On Wed, May 31, 2017 at 04:23:49PM +0200, Ævar Arnfjörð Bjarmason wrote: > > It really is an issue of the user knowing about the problem (and how to > > solve it), and I don't think we can get around that securely. So better > > documentation probably is the right solution. > > > > I'll see if I can cook something up. > > I was going to say: A way to have our cake & eat it too here would be > to just support *.insteadOfRegex, i.e. > "url.persistent-https://.insteadOfRegex="^https://";. > > But in this case, even if we can just do un-anchored string > replacement, isn't a way around this just to do > "url.persistent-https://.insteadOf=https://"; & untaint & document that > you should do that? I think we already do the second form, and that's what Elliott ran into. The problem is that it is not clear if "persistent-https" is safe to use for submodules. _We_ know that it is because we know what that remote does, but Git doesn't know that. You would not necessarily want: [url "ext::ssh-wrapper "] insteadOf = "ssh://" to kick in for a submodule. That's a fairly insane thing to be doing, but the point is that we don't know if the rewritten protocol is ready to handle "tainted" URLs that come from an untrusted submodule file. -Peff