On 2021-10-12 at 22:57:21, Jonathan Tan wrote: > Previously [1], I sent a patch set for remote-suggested configs that are > transmitted when fetching, but there were some security concerns. Here > is another way that remote repo administators can provide recommended > configs - through conditionally included files based on the configured > remote. Git itself neither transmits nor prompts for these files, which > hopefully reduces people's concerns. > > More information is in the commit message of patch 2. I won't go into the details of the patches, since I'm a little low on time at the moment, but I think from what I've seen of the cover letter and the commit messages, this approach is much better from a security perspective and, provided we can get the kinks mentioned downthread ironed out, I'd be happy to see this merged. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
