On Wed, Jan 8, 2025 at 10:13 AM Paul Eggert <[email protected]> wrote: > 'patch' is a good program to try this new behavior out, as it's not used > that often any more, the new behavior shouldn't be triggered except on > unusual (and likely malicious) input, and the people who still use > 'patch' are generally experts who will know how to deal with the change. > > I'm hoping that we don't water the change down to merely warn about the > newlines. When I'm running 'patch' I'm likely to miss such warnings > (especially for a long patch), and I'm a well-known target for malicious > outsiders. I would rather have 'patch' reject these file names. > > We could add a 'patch' option to accept file names with newlines. But > would that be wise? More-secure operating systems are likely to follow > the POSIX.1-2024 advice and override whatever 'patch' does.
Thanks for that change. I too would frown on any `--accept-NL-afflicted` option :-)
