On 2020-06-10 at 21:54:01, Matt Rogers wrote: > > - * We also leave "master" as a special case, since it does not reveal > > - * anything interesting. > > + * We also leave the default branch name as a special case, since it > > + * does not reveal anything interesting. > > */ > I feel this is a weird thing to do, since you're trying to anonymize the branch > name,and now the default branch is identifiable with your config file. For > example, if the default branch contains the name of my project/repo then this > sounds like a recipe for accidentally sharing it. I feel a better > alternative would > be to exclude nothing from the anonymization or the proposed default default > branch name I think this is fine because it only reveals the name of your particular choice of default branch. The goal of the --anonymize option is to allow people to maintain the structure of their repositories while stripping private information from them, primarily for debugging purposes (e.g., providing to us for troubleshooting). The things people want to prevent exposing are their code, data, project names, user names, etc.: that is, anything identifying, privileged, or private. The default branch name isn't any of those things; we know you have one, and for troubleshooting purposes, we aren't that interested in what you called it. You've almost certainly picked it out of a set of one of 20 words that people use for this purpose, none of which are private, and all of which are shared by millions of other repositories. In the extremely unlikely case that it does matter, invoking git with something like "-c default.branch=$(git hash-object /dev/null)" would be sufficient to anonymize all branches. I should point out that people frequently ask for the output of "git config -l" for troubleshooting, and most people wouldn't consider their default branch name to be worth sanitizing there. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature
