On 2014-04-25 03:37, Simon Oosthoek wrote:
> (though tbh, I think you'd have to be in an automated situation
> to check out a branch that is basically a command to hack your
> system, a human would probably figure it too cumbersome, or too
> fishy)
You can get in trouble by cloning a malicious rep
* G?bor Szeder [2014-04-24 23:10:10 +0430]:
> > I'd like to see this patch eyeballed by those who have been involved
> > in the script (shortlog and blame tells me they are SZEDER and
> > Simon, CC'ed), so that we can hopefully merge it by the time -rc1 is
> > tagged.
>
> I think this is a se
Hi,
On Apr 22, 2014 2:53 AM, Junio C Hamano wrote:
>
> Richard Hansen writes:
>
> > Both bash and zsh subject the value of PS1 to parameter expansion,
> > command substitution, and arithmetic expansion. Rather than include
> > the raw, unescaped branch name in PS1 when running in two- or
>
Richard Hansen writes:
>> and plan for transition to forbid them
>> everywhere in a next big version bump (it is too late for 2.0).
>
> Would it be acceptable to have a config option to forbid these in a
> non-major version bump?
Of course ;-) Because we try very hard to avoid a "flag day" cha
On 2014-04-22 13:38, Junio C Hamano wrote:
> Michael Haggerty writes:
>
>> While we're at it, I think it would be prudent to ban '-' at the
>> beginning of reference name segments. For example, reference names like
>>
>> refs/heads/--cmd=/sbin/halt
>> refs/tags/--exec=forkbomb(){forkbomb
Michael Haggerty writes:
> While we're at it, I think it would be prudent to ban '-' at the
> beginning of reference name segments. For example, reference names like
>
> refs/heads/--cmd=/sbin/halt
> refs/tags/--exec=forkbomb(){forkbomb|forkbomb&};forkbomb
>
> are currently both legal, b
On 04/21/2014 10:24 PM, Jeff King wrote:
> On Mon, Apr 21, 2014 at 03:07:28PM -0400, Richard Hansen wrote:
>
>> Both bash and zsh subject the value of PS1 to parameter expansion,
>> command substitution, and arithmetic expansion. Rather than include
>> the raw, unescaped branch name in PS1 when r
On 2014-04-21 18:33, Junio C Hamano wrote:
> Junio C Hamano writes:
>
>> Richard Hansen writes:
>>
>>> Both bash and zsh subject the value of PS1 to parameter expansion,
>>> command substitution, and arithmetic expansion. Rather than include
>>> the raw, unescaped branch name in PS1 when runnin
Junio C Hamano writes:
> Richard Hansen writes:
>
>> Both bash and zsh subject the value of PS1 to parameter expansion,
>> command substitution, and arithmetic expansion. Rather than include
>> the raw, unescaped branch name in PS1 when running in two- or
>> three-argument mode, construct PS1 t
Richard Hansen writes:
> Both bash and zsh subject the value of PS1 to parameter expansion,
> command substitution, and arithmetic expansion. Rather than include
> the raw, unescaped branch name in PS1 when running in two- or
> three-argument mode, construct PS1 to reference a variable that hold
On 2014-04-21 16:24, Jeff King wrote:
> On Mon, Apr 21, 2014 at 03:07:28PM -0400, Richard Hansen wrote:
>
>> Both bash and zsh subject the value of PS1 to parameter expansion,
>> command substitution, and arithmetic expansion. Rather than include
>> the raw, unescaped branch name in PS1 when runn
On Mon, Apr 21, 2014 at 03:07:28PM -0400, Richard Hansen wrote:
> Both bash and zsh subject the value of PS1 to parameter expansion,
> command substitution, and arithmetic expansion. Rather than include
> the raw, unescaped branch name in PS1 when running in two- or
> three-argument mode, constru
Both bash and zsh subject the value of PS1 to parameter expansion,
command substitution, and arithmetic expansion. Rather than include
the raw, unescaped branch name in PS1 when running in two- or
three-argument mode, construct PS1 to reference a variable that holds
the branch name. Because the s
13 matches
Mail list logo
