Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes:

> To put this into perspective: If this protection had been put in place
> before v2.39.4, the CVSS score of CVE-2024-32002 would not have been
> 9.1 (Critical), but instead 2.2 (Low).

But we wouldn't have a working git-lfs then, so that comparison is not quite fair. As brian already said, you can reduce the score by making Git do nothing, which is _also_ an absurd position to take, "security" (in air quotes) over everything else like usability and functionality. And this time, the layered security went a bit too aggressive.

Also, as Peff said and I agreed to, we are not talking about refusing to do anything on top. It was just that the "never run any approved hook during clone" turned out to be not-quite-fully thought out and it should be reworked in the open, and reverting that wholesale would hopefully give us a cleaner ground to design it.

The end result of such a reworking in the open may turn out to be the same (or similar) "register the blob object name of the contents to appear in approved hook scripts", or it may look completely different. But the road to get there, and the state of the system while we get there, would be different.

I would probably see if I can take brian's revert directly; if it applies to the oldest maint-2.39 track, it would be the ideal, but we'd still need to prepare a similar 7-track cascade like we did for the js/fix-clone-w-hooks-2.XX topics. If it is only for the master, it needs to be munged to apply to maint-2.39 first.

Thanks.