On Thu, Oct 19, 2017 at 8:12 AM, Ben Peart <peartben@xxxxxxxxx> wrote: > If we are guarding against "git" writing out an invalid index, we can move > this into an assert so that only git developers pay the cost of validating > they haven't created a new bug. I think this is better than just adding a > new test case as a new test case would not achieve the same coverage. This > is my preferred solution. > > If we are guarding against "some other application" writing out an invalid > index, then everyone will have to pay the cost as we can't insert the test > into "some other applications." Without user reports of it happening or any > telemetry saying it has happened I really have no idea if it every actually > happens in the wild anymore and whether the cost on every index load is > still justified. How well does this play out in the security realm?, c.f. https://public-inbox.org/git/20171002234517.GV19555@xxxxxxxxxxxxxxxxxxxxxxxxx/
