On Wed, Aug 19, 2020 at 12:09:11PM -0700, Junio C Hamano wrote: > "Randall S. Becker" <rsbecker@xxxxxxxxxxxxx> writes: > > > Just putting my CSIO hat on here. We would need a system-wide setting to > > prohibit users from using this capability. > > Or just discard this patch, which is a lot simpler. I don't see any > need for this one. Yes. Configurability is a lot more complicated than you might think. Because it's not just system-wide, but _ecosystem_ wide. Right now git-fsck complains about ".git" appearing in a tree, and that check blocks people from pushing such trees to any hosting sites that enable transfer.fsckObjects (which includes hosters like GitHub). So you'd not only need to allow the behavior to be loosened for all of the people using the feature, but you'd need to convince server-side hosters to loosen their config. And because part of the purpose is to protect downstream clients from attacks, I doubt that public hosters like GitHub would do so. It _could_ still be useful in a more isolated environment (e.g., your company server that is serving only internal repos to employees). But I have misgivings about a feature that lets people intentionally create repositories whose history cannot ever interact with other users who haven't set a special config flag. It's one thing to say "to take advantage of this feature, we must all agree to have version X, or set flag Y". But it's another to bake that restriction into the repository history for all time. -Peff
