René Scharfe <l.s.r@xxxxxx> writes: >> This series really feels like it's adding too much complexity and >> potential auditing headaches (distributors worrying about us shipping a >> CSPRNG, having to audit it) to a low-level codepath that most of the >> time won't need this at all. > > Good point. Please let me think out loud for a moment. Yeah, I agree you and Ævar that the topic may be over-engineering the solution for problem that we shouldn't be the ones who solve. I agree with your analysis that the "diff" tempfiles do need suffix, we SHOULD create them in $TMPDIR (not in the working tree or $GIT_DIR) to support operation in a read-only repository, but we can create a unique temporary directory and place a file (even under its original name) in it as a workaround. Thanks.
