request-pull: filter out SSH/X.509 tag signatures

Message ID 20230125230117.3915827-1-gwymor@tilde.club (mailing list archive)
State Superseded

Commit Message

Gwyneth Morgan Jan. 25, 2023, 11:01 p.m. UTC
git request-pull filters PGP signatures out of the tag message, but not
SSH or X.509 signatures.
---
 git-request-pull.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Junio C Hamano Jan. 25, 2023, 11:19 p.m. UTC | #1
Gwyneth Morgan <gwymor@tilde.club> writes:

> git request-pull filters PGP signatures out of the tag message, but not
> SSH or X.509 signatures.
> ---

Please sign-off your contribution. 
cf.  Documentation/SubmittingPatches[[sign-off]]

>  git-request-pull.sh | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/git-request-pull.sh b/git-request-pull.sh
> index 2d0e44656c..01640a044b 100755
> --- a/git-request-pull.sh
> +++ b/git-request-pull.sh
> @@ -153,7 +153,7 @@ for you to fetch changes up to %H:
>  if test $(git cat-file -t "$head") = tag
>  then
>  	git cat-file tag "$head" |
> -	sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
> +	sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
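
Review bot: nothing in this change exercises the new `SSH` and `SIGNED` branches of the pattern on the `+` line; the diffstat shows only git-request-pull.sh touched. A test that runs request-pull against an SSH-signed and an X.509-signed tag and checks that no `-----BEGIN` line reaches the output would guard this against regressions.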

This makes readers debate themselves if being more specific and
narrow like the posted patch is safer and better, or making it
looser by just requiring "^-----BEGIN " and making it forward
looking is sufficient and maintainable.

If this were signed-off already, I would have said "let's queue it
as-is, while waiting for input from others", but without a sign-off
I am not queuing (yet).

Thanks.

Gwyneth Morgan Jan. 25, 2023, 11:45 p.m. UTC | #2
On 2023-01-25 15:19:34-0800, Junio C Hamano wrote:
> Please sign-off your contribution. 
> cf.  Documentation/SubmittingPatches[[sign-off]]

Oops! I will resend with a sign-off.

> >  git-request-pull.sh | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/git-request-pull.sh b/git-request-pull.sh
> > index 2d0e44656c..01640a044b 100755
> > --- a/git-request-pull.sh
> > +++ b/git-request-pull.sh
> > @@ -153,7 +153,7 @@ for you to fetch changes up to %H:
> >  if test $(git cat-file -t "$head") = tag
> >  then
> >  	git cat-file tag "$head" |
> > -	sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
> > +	sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
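
Review bot: `SIGNED` on the `+` line is the one alternative a reader cannot map to a signature format from the pattern alone, since the commit message speaks of X.509 and the pattern never does. Stating in the commit message that X.509 signatures are armored as `-----BEGIN SIGNED MESSAGE-----` would make the intent of that branch clear.
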
> 
> This makes readers debate themselves if being more specific and
> narrow like the posted patch is safer and better, or making it
> looser by just requiring "^-----BEGIN " and making it forward
> looking is sufficient and maintainable.

I could imagine someone having a tag with a line starting that way (not
realizing it's a common pattern for signatures to take) and being
confused at why it's being removed. The likelihood of someone doing
that, and using request-pull with that tag, is pretty low though, so I
don't have a strong preference.
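
The trade-off discussed in this thread, as an added example that is not part of the thread or of git's own code: it runs the pre-patch filter, a narrow filter with the patch's three prefixes (written as one `-e` per prefix instead of `\|`), and the looser `^-----BEGIN ` filter over constructed tag objects. The tag contents, the `CHANGELOG` label and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed tag object: header, blank line, message, then an armored block.
# $1 is the armor label; the block's content is a placeholder, not a signature.
make_tag () {
	printf '%s\n' "object 0000000000000000000000000000000000000000" \
		"type commit" "tag v1.0-example" \
		"tagger A U Thor <author@example.com> 0 +0000" "" \
		"Example release" "" "Notes for the puller." \
		"-----BEGIN $1-----" "placeholder-block-content" "-----END $1-----"
}

# Before the patch: drop the header, stop only at a PGP armor line.
filter_pgp_only () {
	sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
}

# The patch's three prefixes, one expression each (no \| needed).
filter_narrow () {
	sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' \
		-e '/^-----BEGIN SSH /q' -e '/^-----BEGIN SIGNED /q' -e p
}

# The looser alternative from the review: stop at any "-----BEGIN " line.
filter_loose () {
	sed -n -e '1,/^$/d' -e '/^-----BEGIN /q' -e p
}

# kept LABEL FILTER: number of lines the filter passes through.
# 3 = output stops at the BEGIN line; 6 = the armored block passed through.
kept () {
	make_tag "$1" | "$2" | wc -l | tr -d ' '
}

for label in "PGP SIGNATURE" "SSH SIGNATURE" "SIGNED MESSAGE" "CHANGELOG"
do
	printf '%-15s pgp_only=%s narrow=%s loose=%s\n' "$label" \
		"$(kept "$label" filter_pgp_only)" \
		"$(kept "$label" filter_narrow)" \
		"$(kept "$label" filter_loose)"
done
```

The `CHANGELOG` row is the case raised in the reply above: the narrow filter keeps a message block that merely starts with `-----BEGIN `, while the loose filter cuts the message there.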

Patch

diff --git a/git-request-pull.sh b/git-request-pull.sh
index 2d0e44656c..01640a044b 100755
--- a/git-request-pull.sh
+++ b/git-request-pull.sh
@@ -153,7 +153,7 @@  for you to fetch changes up to %H:
 if test $(git cat-file -t "$head") = tag
 then
 	git cat-file tag "$head" |
-	sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
+	sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
 	echo
 	echo "----------------------------------------------------------------"
 fi &&
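
Review bot: the `\|` alternation in the new sed expression on the `+` line is a GNU extension to basic regular expressions and is not part of POSIX BRE, so on a sed without that extension the expression may match none of the three prefixes, which would also lose the PGP filtering the `-` line provided. One expression per prefix avoids the extension: `-e '/^-----BEGIN PGP /q' -e '/^-----BEGIN SSH /q' -e '/^-----BEGIN SIGNED /q'`.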