On Sun, Jul 20, 2008 at 08:14:22PM -0400, Jeff King wrote: > On Sun, Jul 20, 2008 at 11:23:13AM -0700, Junio C Hamano wrote: > > > I think that is a very sensible approach, but just like we have a few > > "built-in" function-header regexps with customization possibilities for > > the user, we might want to: > > > > * Have that "-x", "-T" in the command line we generate for OpenSSH; > > I am slightly negative on this, because we are setting OpenSSH > preferences behind the user's back that they would not normally expect > git to be tampering with. > > I think the expectation for this is that it impacts only the ssh session > used by git. But because OpenSSH supports the concept of "master" and > "slave" sessions (i.e., it can multiplex many sessions over a single ssh > session, avoiding authentication and thus reducing latency until the > start of the session), what you do in one session can impact other > sessions. In particular, if the 'master' does not have x11 forwarding > (because it happens to be started by git), then slave connections do not > get it. So a user with X11Forwarding and ControlMaster set in his config > would usually have everything work, but bad timing with the > git-initiated session as the master would unexpectedly break his > X11Forwarding for other sessions. > > I don't know how commonly the ControlMaster option for openssh is used. > I also don't know if this should simply be considered a bug in openssh, > since it silently ignores the request for X forwarding. Personally, I > will not be affected because I don't do X forwarding by default, anyway. > But I thought I would raise the point. I'm not sure the ControlMaster option is still followed when using -T. Also, IIRC, ControlMaster doesn't exit until slave connections are done, so git ssh sessions granted the master control would stall until then if they happen to have slaves launched. i.e. It can *already* have bad side effects. Adding '-S none' would ensure ControlMaster would not take effect; on the other hand, it would not allow git's ssh connection to be a slave either. '-o ControlMaster no' could be a solution. All these need to be tested, obviously. Mike -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
