Elijah Newren <newren@xxxxxxxxx> writes: > But can I back up and comment on a bigger picture item? > > This mechanism requires somehow getting additional files to the user > separately; projects that span companies (git.git, linux.git, etc.) > won't likely be able to make use of this. > > Scalar also has a mechanism for providing potentially large blocks of > pre-vetted configuration for users. It does so as part of a new > top-level command. And it does so with a very opinionated set of > values that are not configurable. Thus, while I'd like to use it, > they use a configuration option that would break things badly at my > $DAYJOB. (Too many gradle plugins using jgit, which doesn't > understand index.version=4 and will blow up with a very suboptimal > error message when they see it.) And, it's very specific to scalar; > we probably don't want to add a new toplevel command everytime someone > wants common configuration to be easily grabbed by some user. > > It would be nice if we could find some more generic solution. > Granted, I can't think of any, and I don't think this comment should > block this particular series (nor the scalar one), but I am worrying a > little bit that we're getting multiple completely different solutions > for the same general problem, and each brings caveats big enough to > preclude many (most?) potential users. I don't know what to do about > that, especially since configuration that is too easy to propagate > comes with big security problems, but I wanted to at least raise the > issue and hope others have good ideas. If nothing else, I want to > raise awareness to avoid proliferation of similar > pre-vetted-configuration-deployment mechanisms. I'm CC'ing a couple > scalar folks as well for that point. Yes, that's an accurate description. To reiterate what Jonathan said in his first cover letter [1], the primary motivation is that we want to be able to 'suggest' hooks to users. There was an RFC for this 'remote-suggested hooks feature' (docs [2], RFC implementation [3]) but it ultimately stalled due to security concerns I believe (this was before I joined the team, so I'm not the most familiar with this). It might be worth re-reading those threads since they tread on pretty much the same ground of shipping pre-vetted config (this is directed at me too, since I haven't read through those in detail). I've also been told that we're (aka Google) still looking for feedback on [2], so feel free to share any thoughts on that thread too. [1] https://lore.kernel.org/git/cover.1634077795.git.jonathantanmy@xxxxxxxxxx [2] https://lore.kernel.org/git/pull.908.v4.git.1620241892929.gitgitgadget@xxxxxxxxx/ [3] https://lore.kernel.org/git/cover.1623881977.git.jonathantanmy@xxxxxxxxxx/
