On Thu, Sep 28, 2017 at 8:51 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > I think that your patch the last round that feeds fd#8 in the > foreground (i.e. fully trusting that the caller is sensibly giving > input that produces no output) is already a good place to stop. > > Your patch this round that feeds fd#8 in the background, plus the > attached patch (i.e. not trusting the caller as much and allowing it > to use commands that outputs something, within reason), would also > be a good place to stop. > > But I am not sure your patch this round alone is a good place to > stop. It somehow feels halfway either way. I agree. If we're coding defensively against the caller, we do have to include your patch to be effective, you're right. I reckon we likely don't need to be quite so paranoid, at least until this has more users. Thanks.
