Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes:

> To clarify, I'm not suggesting that we ever read arbitrary parts of the
> "diff.<driver>.<key>" config space, but that we could whitelist one set
> of "diff.<driver>.<known-key>"="<known-values>".

When the value names the path to an executable or the command line to
invoke a program, there is no "portable" value that is useful.
Whitelisting a macOS-only program only because its pathname is one of the
known values does not help me run something else.