* Ian Jackson <ijack...@chiark.greenend.org.uk>, 2017-07-08, 18:30:
> if this change was done for security reasons, why has it not been done in stretch?

This change was introduced in this commit:
https://github.com/git/git/commit/f1762d772e9b415a3163abf5f217fc3b71a3b40e

The commit message doesn't mention any security implications. In fact, it doesn't even explicitly say that it changes the default behavior. :-/

I suspect it was meant to be hardening, rather than a security fix.

See #840014 for a bug that was mitigated thanks to this change.
Other security bugs that could be exploited via git-remote-ext:
https://github.com/sociomantic-tsunami/git-hub/issues/197
https://github.com/seveas/git-spindle/issues/154

--
Jakub Wilk
