Re: Intricacies of submodules

On 4/17/08, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
>  > So if we do end up doing a "tracked config file", I'd personally very much
>  > prefer it be limited in some way. For example, we obviously track the
>  > .gitignore and .gitattributes files, but they are much more limited in
>  > their effects. Maybe we could have a "limited config file" that allows for
>  > *some* config options to be set?
>
> Yes, that's all what I have been trying to say ;-)

How about this: we know that *most* options are harmless, at least
from a security point of view.  AFAIK it's really just the ones where
you specify shell commands that are unsafe.

Why not have a list of "safe" config options in git, and when reading
.gitconfig, error out if any of the options in that file are unsafe.
(Alternatively: silently ignore the unsafe ones, or warn and then
ignore the unsafe ones.)  A more advanced variation of the same would
be to have .git/config options that list specific exceptions to the
safe list, so if .gitconfig causes an error, you can *explicitly* git
config set to let .gitconfig override them.

Another possibility would be to have an "unsafe" list instead of a
"safe" list, but that sounds rather error-prone to me.

Have fun,

Avery
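
The safe-list idea proposed in the message above, sketched as an added example (not code from this thread or from git): a tracked config file is parsed and every option is checked against an allow-list, with the error-out and ignore variants and with explicit local exceptions. The allow-list entries, the sample file, and the `exceptions` parameter standing in for overrides recorded in `.git/config` are assumptions made for illustration.

```python
import re
# Illustrative allow-list (an assumption, not a list git maintains); patterns
# are matched against canonical "section.key" / "section.subsection.key" names.
SAFE_PATTERNS = [r"core\.(autocrlf|whitespace|filemode|ignorecase)",
                 r"(apply\.whitespace|diff\.renames)",
                 r"branch\..+\.(remote|merge)"]
SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]$')

# Constructed sample of a tracked config file (not from any real repository).
SAMPLE = """\
[core]
    autocrlf = input
    pager = less -R
[branch "main"]
    remote = origin
[diff]
    external = ./tool.sh
"""

class UnsafeOption(Exception):
    """Raised under policy="error" for an option that is not allow-listed."""

def parse_config(text):
    """Yield (canonical_name, value) pairs from git-config-style text."""
    prefix = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:  # section and key names are case-insensitive, subsections are not
            prefix = m.group(1).lower() + ("" if m.group(2) is None else "." + m.group(2))
            continue
        if prefix is None:
            raise ValueError(f"option outside any section: {raw!r}")
        key, _, value = line.partition("=")
        yield f"{prefix}.{key.strip().lower()}", value.strip()

def filter_tracked(text, exceptions=frozenset(), policy="error"):
    """Return (accepted, rejected); exceptions are names the user allowed locally."""
    accepted, rejected = {}, []
    for name, value in parse_config(text):
        if name in exceptions or any(re.fullmatch(p, name) for p in SAFE_PATTERNS):
            accepted[name] = value
        elif policy == "error":
            raise UnsafeOption(name)
        else:  # "ignore" or "warn": drop it; the caller can report `rejected`
            rejected.append(name)
    return accepted, rejected
```

Because the check is an allow-list, an option the list has never heard of is rejected by default, which is the property the "unsafe" list variant would lack.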