Re: [PATCH 8/9] fast-export: respect the possibly-overridden default branch name

> I think this is fine because it only reveals the name of your particular
> choice of default branch.  The goal of the --anonymize option is to
> allow people to maintain the structure of their repositories while
> stripping private information from them, primarily for debugging
> purposes (e.g., providing to us for troubleshooting).
>
> The things people want to prevent exposing are their code, data, project
> names, user names, etc.: that is, anything identifying, privileged, or
> private.  The default branch name isn't any of those things; we know you
> have one, and for troubleshooting purposes, we aren't that interested in
> what you called it.  You've almost certainly picked it out of a set of
> one of 20 words that people use for this purpose, none of which are
> private, and all of which are shared by millions of other repositories.
>

I think that's not very convincing.  If branch names in general are identifying
enough to warrant anonymization then shouldn't the default name be too?

> In the extremely unlikely case that it does matter, invoking git with
> something like "-c default.branch=$(git hash-object /dev/null)" would be
> sufficient to anonymize all branches.
>
> I should point out that people frequently ask for the output of "git
> config -l" for troubleshooting, and most people wouldn't consider their
> default branch name to be worth sanitizing there.

I think this is a little presumptuous; most people wouldn't consider it to be
worth sanitizing because there isn't currently such a config setting.  If I give
you the output of "git config -l" then I think it's obvious that all of my
configuration settings will be included (and therefore I can choose to sanitize
accordingly), but if I'm giving an exported repository I think should be
anonymized, but my default branch, which someone could innocently base on a
project or company name, could easily be accidentally included in that output
which could lead to a frustrating experience.


> --
> brian m. carlson: Houston, Texas, US
> OpenPGP: https://keybase.io/bk2204



-- 
Matthew Rogers


