Junio C Hamano <gits...@pobox.com> writes:

> By the way, these options are _not_ about "showing merge commits
> that introduce code", and they do not help your kind of "security".
> As I repeatedly said, you would need "-p -m" for that.

Actually, while defaulting to --cc may be convenient, it would indeed
increase the security risk: currently, "git log -p" shows nothing for
merges, so it's rather clear that _everything_ is omitted. With --cc,
the user would see a diff, and could hardly guess that not everything is
shown without reading the doc very carefully.

Matthieu Moy
