On Mon Sep 7, 2020 at 2:49 PM EDT, Christian Couder wrote:
> > Upon cloning, each recommended config option would be displayed to the
> > user, and they would be prompted ([Y/n]) to agree to set that value in
> > the config file for that repository.
>
> Maybe the default should be "N" instead of "Y" for more security. Also
> when not using a terminal, it should do nothing by default too.

Ack, ack.

> > Additionally, there would be a config option which white-lists a
> > list of config options which are automatically agreed to without
> > prompting,
>
> This might be dangerous if this option can also be proposed by the
> server, as it could first propose a big list of white listed options
> to the client.

Aye, I think we'd prevent the server from advertising that option
period, as a hard-coded restriction.

> My opinion is that you might not want to start working on all the
> above at once. It might be better to start small and safe while
> leaving the door open to further improvements.

While this work could easily be (and ought to be) broken up into small
commits which introduce it one piece at a time, I'm not sure that any
subset of the pieces is *shippable*. Do you have a suggestion for how it
could be broken up into small, shippable pieces?
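
A sketch of the acceptance rules discussed in this thread, as an added example that is not part of the original message or of Git's code. The option name `clone.autoAcceptConfig`, the function names and the sample recommendations are hypothetical; letting allowlisted keys through without a terminal is an assumption.

```python
# Hypothetical name for the client-side allowlist option; the thread does not name it.
ALLOWLIST_KEY = "clone.autoAcceptConfig"

def normalize(key):
    """Canonical form of a Git config key: section and variable name are
    case-insensitive, the optional subsection in between is case-sensitive."""
    section, _, rest = key.partition(".")
    subsection, _, name = rest.rpartition(".")
    if not section or not name:
        raise ValueError(f"malformed config key: {key!r}")
    middle = f".{subsection}" if subsection else ""
    return f"{section.lower()}{middle}.{name.lower()}"

# Hard-coded restriction: the server may never recommend the allowlist itself.
SERVER_FORBIDDEN = frozenset({normalize(ALLOWLIST_KEY)})

def review_recommendations(recommended, allowlist, is_tty, ask):
    """Split server-recommended (key, value) pairs into accepted and skipped.
    `ask(key, value)` returns the user's raw answer to a [y/N] prompt."""
    allowed = {normalize(k) for k in allowlist}
    accepted, skipped = {}, {}
    for raw_key, value in recommended:
        try:
            key = normalize(raw_key)
        except ValueError:
            skipped[raw_key] = "malformed"
            continue
        if key in SERVER_FORBIDDEN:      # checked first, on the normalized key
            skipped[key] = "forbidden"
        elif key in allowed:             # assumption: applies without a terminal too
            accepted[key] = value
        elif not is_tty:                 # no terminal: do nothing
            skipped[key] = "no-terminal"
        elif ask(key, value).strip().lower() in ("y", "yes"):
            accepted[key] = value
        else:                            # empty answer means "N"
            skipped[key] = "declined"
    return accepted, skipped

# Constructed sample: what a server might recommend, and a local allowlist.
SAMPLE_RECOMMENDED = [
    ("format.signOff", "true"),
    ("Clone.AutoAcceptConfig", "pull.rebase commit.gpgSign"),
    ("pull.rebase", "true"),
    ("commit.gpgSign", "true"),
]
SAMPLE_ALLOWLIST = ["format.signoff"]

if __name__ == "__main__":
    answers = {"pull.rebase": "", "commit.gpgsign": "y"}
    print(review_recommendations(SAMPLE_RECOMMENDED, SAMPLE_ALLOWLIST,
                                 True, lambda k, v: answers[k]))
```

Normalizing before the forbidden-key check matters: a differently cased spelling of the allowlist option from the server is still rejected.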