"Derrick Stolee via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > Here is a very fast response to the security release yesterday. Wow. While I were down the whole day yesterday after sending the release announcement, it seems a lot have happened X-<. Does your "a very fast" expect only "wow, thanks for a fast reponse", or does it also expect "ok, we'll take a deep look with a spoonful of salt as it was prepared in haste"? > The second patch here is an adaptation from a contributor who created a pull > request against git/git [1]. I augmented the patch with a test (the test > infrastructure is added in patch 1). > > The third patch is a change to the safe.directory config option to include a > possible "*" value to completely opt-out of the check. This will be > particularly helpful for cases where users run Git commands within a > container. This container workflow always runs as a different user than the > host, but also the container does not have access to the host's system or > global config files. It's also helpful for users who don't want to set the > config for a large number of shared repositories [2]. Let me take a look how well these integrate into the maintenance tracks. I would appreciate something that is targetted and narrow that can be applied to the oldest maintenance track (2.30.3) and then merged upwards, plus niceties on top that does not necessarily have to apply to the oldest ones if the surrounding code or tests were changed more recently. Thanks. > Thanks, -Stolee > > [1] https://github.com/git/git/pull/1235 [2] > https://github.com/git-for-windows/git/issues/3787 [3] > https://github.com/desktop/desktop/issues/14336 > > Derrick Stolee (2): > t0033: add tests for safe.directory > setup: opt-out of check with safe.directory=* > > Matheus Valadares (1): > setup: fix safe.directory key not being checked > > Documentation/config/safe.txt | 7 +++++ > setup.c | 12 ++++++--- > t/t0033-safe-directory.sh | 49 +++++++++++++++++++++++++++++++++++ > 3 files changed, 65 insertions(+), 3 deletions(-) > create mode 100755 t/t0033-safe-directory.sh > > > base-commit: 11cfe552610386954886543f5de87dcc49ad5735 > Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1215%2Fderrickstolee%2Fsafe-directories-star-v1 > Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1215/derrickstolee/safe-directories-star-v1 > Pull-Request: https://github.com/gitgitgadget/git/pull/1215
