On 2014-04-25 03:37, Simon Oosthoek wrote:
> (though tbh, I think you'd have to be in an automated situation
> to check out a branch that is basically a command to hack your
> system, a human would probably figure it too cumbersome, or too
> fishy)
You can get in trouble by cloning a malicious repository and cding to
the resulting directory. See:
https://github.com/richardhansen/clonepwn
for a (benign) demonstration. (Note the name of the default branch in
that repository -- it's not master.)
>
>>>> + # not needed anymore; keep user's
>>>> + # environment clean
>>>> + unset __git_ps1_upstream_name
>>
>> We already have a lot of stuff in the user's environment beginning
>> with __git, so I don't think the unset is necessary.
>
> If people rely on the string being set in their scripts, it can be
> bad to remove it. But if it's new in this patch,
The variable is new.
> I don't see the need to keep it. Cruft is bad IMO.
Agreed, although I am willing to remove those three lines if that is the
collective preference.
-Richard
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
