On Thu, Feb 22, 2018 at 10:07:15AM -0800, Brandon Williams wrote: > On 02/22, Jeff King wrote: > > On Wed, Feb 21, 2018 at 01:44:22PM -0800, Jonathan Tan wrote: > > > > > On Tue, 6 Feb 2018 17:12:41 -0800 > > > Brandon Williams <bmwill@xxxxxxxxxx> wrote: > > > > > > > In order to allow for code sharing with the server-side of fetch in > > > > protocol-v2 convert upload-pack to be a builtin. > > > > > > > > Signed-off-by: Brandon Williams <bmwill@xxxxxxxxxx> > > > > > > As Stefan mentioned in [1], also mention in the commit message that this > > > means that the "git-upload-pack" invocation gains additional > > > capabilities (for example, invoking a pager for --help). > > > > And possibly respecting pager.upload-pack, which would violate our rule > > that it is safe to run upload-pack in untrusted repositories. > > And this isn't an issue with receive-pack because this same guarantee > doesn't exist? Yes, exactly (which is confusing and weird, yes, but that's how it is). -Peff
