>>>>> On Sat, 28 Oct 2017, Michał Górny wrote:

> On Sat, 28.10.2017 at 14:49 +0200, Ulrich Mueller wrote:
>> Other tools like "find" don't special-case dot-prefixed files
>> though (in fact, "ls" may well be the exception there).
>>
>> Implicit ignores only create an unnecessary attack surface. Better
>> make them explicit, even if this will require adding some entries
>> for common cases (like .git in the top-level dir).

> I dare say it's not an attack surface if tools are explicitly
> directed not to use those files.

For example, an ebuild can apply all patches from a given directory.
We certainly don't want any unaccounted dot-prefixed files being
injected there. (And yes, globbing shouldn't normally match such
files, but there's at least one eclass setting the dotglob option.)

> The problem is, you can't predict all possible dotfiles and even if
> you do, you're effectively blocking the user from creating any files
> for his own use.

Create files for their own use in random locations in the Gentoo
repository? Why would anyone want to do that?

> Say, if user wanted to use git on top of rsync for his own purposes,
> why would you prevent him from doing that?

As I said before, top-level .git should have an explicit IGNORE entry.

IMHO we should rather stay on the safe side there, unless someone will
speak up who has a concrete workflow where such dot-prefixed files
with unpredictable names are needed.

Ulrich
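
Added example, not part of the original mail: a shell sketch of the dotglob point made above, plus a check that lists dot-prefixed files which no explicit ignore entry accounts for. The sample tree, file names and function names are constructed for illustration, and passing ignore entries as plain relative paths is an assumption, not the Manifest format.

```shell
# Constructed sample tree: two listed patches, one dot-prefixed file, a .git dir.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/files" "$dir/.git"
    : > "$dir/files/0001-fix-build.patch"
    : > "$dir/files/0002-fix-tests.patch"
    : > "$dir/files/.0000-unlisted.patch"
    printf '%s\n' "$dir"
}

# Count what "$1"/* expands to with dotglob "on" or "off" ($2).
# Runs in a child bash so the option never leaks into the calling shell.
count_glob() {
    bash -c '
        shopt -s nullglob
        if [ "$2" = on ]; then shopt -s dotglob; fi
        set -- "$1"/*
        echo "$#"
    ' _ "$1" "$2"
}

# Print dot-prefixed paths under tree $1 that no explicit ignore entry covers.
# Remaining arguments are ignore entries, relative to the tree root.
unaccounted_dotfiles() {
    root=$1; shift
    ( cd "$root" || exit 1
      find . -name '.*' ! -name . -print | sed 's|^\./||' | sort |
      while IFS= read -r path; do
          covered=no
          for ign in "$@"; do
              case $path in "$ign"|"$ign"/*) covered=yes ;; esac
          done
          [ "$covered" = yes ] || printf '%s\n' "$path"
      done )
}

tree=$(make_sample_tree)
echo "dotglob off: $(count_glob "$tree/files" off) files matched"
echo "dotglob on:  $(count_glob "$tree/files" on) files matched"
echo "unaccounted with only .git ignored:"
unaccounted_dotfiles "$tree" .git
rm -rf "$tree"
```

An empty result from `unaccounted_dotfiles` means every dot-prefixed path in the tree is covered by an explicit entry.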
