On Tue, Mar 03, 2009 at 12:22:53AM -0800, Junio C Hamano wrote: > Yes and no. I think "git shell" sites fall broadly into two categories. > The ones arranged ala gitosis without per-user UNIX account, it certainly > is an issue. The ones with per-user UNIX account would not let anywhere > other than $HOME written, so it is not. Right. My problem is that for the former case, there is no switch. People upgrading git would just get this new feature which has security implications. So I think any patch needs to default to "off". > My sole interest lies in building a track record of suggested patches to > eliminate the excuse people would use to complain that we do not attempt > to allow repositories to be created remotely. I've shown two possible > ways. It now is turn for those who want to have the feature to fill in > the details. These are weatherbaloon patches, and it is not my itch to > scratch anyway. Well, that's sneaky of you. ;P But I think that coincides with what I was trying to say in my original response to the series, which is "this issue is complex, and we need to hear from the people who would really want this exactly what it is they want". -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html