Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes: >> As brian already said, you can reduce the score by making Git do >> nothing, which is _also_ an absurd position to take "security" (in air >> quotes) over everything else like usability and functionality. And this >> time, the layered security went a bit too aggressive. > > Right. And I never said that we should do something as absurd, so I fail > to see your point. It went a bit too aggressive, closer to an absurd version of Git that does nothing, for users of git-lfs and the hooksdir config. Luckily these two were reported/found soon enough but we do not know what other fallouts remain. > Let me quickly iterate on this here patch series (as well as the > `tentative/maint-*` branches) so that we can accelerate toward a fixed > version again; Git LFS has been broken for long enough, I'd think. It would be nice to go back to the pre-2.39.4 state so that we can redo it from the clean slate soon. Thanks.
