Jeff King wrote: > The current property is that it's safe to fetch from an > untrusted repository, even over ssh. If we're keeping that for protocol > v1, we'd want it to apply to protocol v2, as well.
Ah, this is what I had been missing (the non-ssh case). I see your point. I think we need to fix the pager config issue and add some clarifying documentation to git.c so that people know what to look out for. Keep in mind that git upload-archive (a read-only command, just like git upload-pack) also already has the same issues. Thanks, Jonathan