From: Junio C Hamano <gitster@pobox.com>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: Jeff King <peff@peff.net>, Joey Hess <id@joeyh.name>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
git@vger.kernel.org
Subject: Re: [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS
Date: Wed, 29 May 2024 09:17:28 -0700 [thread overview]
Message-ID: <xmqq4jagzj6v.fsf@gitster.g> (raw)
In-Reply-To: <1cbdeb41-2ad3-05e4-ab27-1f84086b7f43@gmx.de> (Johannes Schindelin's message of "Wed, 29 May 2024 14:17:41 +0200 (CEST)")
Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:
> On Wed, 29 May 2024, Jeff King wrote:
>
>> [...] But of course most sites just use the defaults, so all warnings
>> are effectively errors.
>
> I wish that had been pointed out on the git-security mailing list when I
> offered this patch up for review.
I sympathize with the sentiment, but there are things that becomes
much clearer once you know what to look for by getting specific
complaints, and I am sure that you would have come to "ah, there is
this strict thing in addition to the msg_type" yourself, without
anybody pointing it out to you, once you looked, if we had Joey's
report while working on the patch. I would have noticed it with a
breakage example back when the patch was first floated on the
security list, but of course I didn't, because the patch was only on
the security list without wider testers.
The take home lesson from this episode should not be "people should
speak up more in the security list". It instead is "let's try to
limit the work under embargo to absolute minimum, and work in the
open for anything on top".
"We saw an issue that we followed a symlink when we shouldn't, which
we are going to fix here, but it became high severity because of
where that symlink pointed at" may be a valid sentiment to have, but
we should stop at "fixing" it under embargo, and addressing the "but
... because" issue on top is better done in the open. Even if we
propose "let's not allow symlink at all---that way even if we wrote
through symlinks by mistake, we won't damage anything", there will
be more people to correct us when we worked in the open.
In any case, let's clean up the mess we created in 2.45.1 and
friends quickly to prepare a solid foundation to allow us do
additional work on top. The reverts are in 'next' and I plan to
merge it down to 'master', which hopefully allows us to do the
follow up releases soonish.
next prev parent reply other threads:[~2024-05-29 16:17 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-14 18:16 [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS brian m. carlson
2024-05-14 18:16 ` [PATCH 1/2] Revert "clone: prevent hooks from running during a clone" brian m. carlson
2024-05-14 18:16 ` [PATCH 2/2] Revert "core.hooksPath: add some protection while cloning" brian m. carlson
2024-05-14 19:07 ` [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS Johannes Schindelin
2024-05-14 19:41 ` brian m. carlson
2024-05-22 9:49 ` Joey Hess
2024-05-27 19:35 ` Johannes Schindelin
2024-05-28 2:13 ` Joey Hess
[not found] ` <ZlZSZ1-0F2DEp9yV@tapette.crustytoothpaste.net>
2024-05-28 23:46 ` Junio C Hamano
2024-05-29 8:54 ` Jeff King
2024-05-29 12:17 ` Johannes Schindelin
2024-05-29 16:17 ` Junio C Hamano [this message]
2024-05-30 8:17 ` Jeff King
2024-05-24 17:37 ` Joey Hess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq4jagzj6v.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=id@joeyh.name \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).