Jeff King <peff@xxxxxxxx> writes: >> I would not recommend sending over regex as protocol capability the >> same way as ref-prefix works, unless we adopt something that can >> match linear-time like re2 and use it everywhere, as you can send a >> pattern that is deliberately made inefficient to inconvenience the >> other side. > > Yeah, I should not even have mentioned regex. It was really meant as "if > you really wanted to go wild, you could do something as crazy as > regexes". The cautionary comment wasn't meant for you (you know I know you better than that by now) but was primarily to deter those who are reading from sidelines from going wild for "low hanging fruit". Unlike normal desktop features, a feature that can easily be abused for DoS cannot be initially built in a way that is inefficient, with a hope that we will iterate and improve over time, until which time we ship it labeled as "experimental". > But I would hold off on all of that until somebody has a concrete case > that shows why their preferred matching scheme is useful. True, too. Thanks.
