Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes: > On Wed, 29 May 2024, Jeff King wrote: > >> [...] But of course most sites just use the defaults, so all warnings >> are effectively errors. > > I wish that had been pointed out on the git-security mailing list when I > offered this patch up for review. I sympathize with the sentiment, but there are things that becomes much clearer once you know what to look for by getting specific complaints, and I am sure that you would have come to "ah, there is this strict thing in addition to the msg_type" yourself, without anybody pointing it out to you, once you looked, if we had Joey's report while working on the patch. I would have noticed it with a breakage example back when the patch was first floated on the security list, but of course I didn't, because the patch was only on the security list without wider testers. The take home lesson from this episode should not be "people should speak up more in the security list". It instead is "let's try to limit the work under embargo to absolute minimum, and work in the open for anything on top". "We saw an issue that we followed a symlink when we shouldn't, which we are going to fix here, but it became high severity because of where that symlink pointed at" may be a valid sentiment to have, but we should stop at "fixing" it under embargo, and addressing the "but ... because" issue on top is better done in the open. Even if we propose "let's not allow symlink at all---that way even if we wrote through symlinks by mistake, we won't damage anything", there will be more people to correct us when we worked in the open. In any case, let's clean up the mess we created in 2.45.1 and friends quickly to prepare a solid foundation to allow us do additional work on top. The reverts are in 'next' and I plan to merge it down to 'master', which hopefully allows us to do the follow up releases soonish.
