John Tapsell wrote:

> I'm concerned that noone is taking this security risk seriously.

If anyone relies on "git log -p" or "git log -p --cc" output to make
sure that the untrusted code they use doesn't introduce unwanted
behavior, they are making a serious mistake.  A merge can completely
undo important changes made in a side branch and "-c" and "--cc" will
not show it.  The lack of "-c" cannot be a security issue here,
because in normal life adding "-c" isn't a secure deployment strategy.

That's why if you want to review the code you are pulling in as a
whole, it is worthwhile to do

        git diff HEAD...FETCH_HEAD

That is how you ask "What code changes does FETCH_HEAD introduce?"
before putting your stamp of approval on them by merging and pushing
out the result.  Unfortunately that doesn't protect you from
maliciously written commits that will be encountered when bisecting.
At some point you have to be able to trust people.

Hope that helps,
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to