On 01/03, Stefan Beller wrote: > On Tue, Jan 2, 2018 at 4:18 PM, Brandon Williams <bmwill@xxxxxxxxxx> wrote: > > In order to allow for code sharing with the server-side of fetch in > > protocol-v2 convert upload-pack to be a builtin. > > What is the security aspect of this patch? > > By making upload-pack builtin, it gains additional abilities, > such as answers to '-h' or '--help' (which would start a pager). > Is there an easy way to sooth my concerns? (best put into the > commit message) receive-pack is already a builtin, so theres that. > > Thanks, > Stefan > -- Brandon Williams
