On Sat, Jun 9, 2018 at 12:22 AM Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> wrote: > > > On Fri, Jun 08 2018, Johannes Sixt wrote: > > > Am 08.06.2018 um 18:00 schrieb Thomas Braun: > >> I for my part would much rather prefer that to be a compile time > >> option so that I don't need to check on every git update on windows > >> if this is now enabled or not. > > > > This exactly my concern, too! A compile-time option may make it a good > > deal less worrisome. > > Can you elaborate on how someone who can maintain inject malicious code > into your git package + config would be thwarted by this being some > compile-time option, wouldn't they just compile it in? Look at this from a different angle. This is driven by the needs to collect telemetry in _controlled_ environment (mostly server side, I guess) and it should be no problem to make custom builds there for you. Not making it a compile-time option could force [1] linux distro to carry this function to everybody even if they don't use it (and it's kinda dangerous to misuse if you don't anonymize the data properly). I also prefer this a compile time option. [1] Of course many distros can choose to patch it out. But it's the same argument as bringing this option in in the first place: you guys already have that code in private and now want to put it in stock git to reduce maintenance cost, why add extra cost on linux distro maintenance? -- Duy
