PSA: Did you know that it’s **unsafe** to put code diffs into your commit messages?
Like https://github.com/i3/i3/pull/6564 for example
Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!
This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.
-
@heiglandreas Have you actually read the commit message in question? It’s perfectly reasonable.
@zekjur I have read the commit message.
Whether that is reasonable is ... debatable.
Adding an actual commit with the change and explaining why it was done that way, and then adding a second commit removing it with the respective why, would have been a better option, separating code and explanation.
Alternatively, explaining that a test with `sleep(1)` after line xyz was done.
But perhaps that is the `edge-case` I was talking about? 🤷
-
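The mechanism the original post describes (a diff pasted into free text gets applied, because patch tools skip the non-diff "garbage" lines around hunks) suggests a cheap preventive check on the defending side. The following shell script is an added example, not code from the i3 project, from Debian's packaging tooling, or from anyone in this thread. It defines a hypothetical `message_has_diff` filter that flags commit messages containing unified-diff headers, a `scan_range` wrapper over `git rev-list` that can gate a CI job, and two constructed sample messages (not the text of the actual PR) to exercise it.

```shell
# Added example: flag commit messages that carry unified-diff markup, so they
# are caught before a packaging pipeline feeds them to patch(1) or git-am(1).
# Hypothetical helper names; not the i3 project's or Debian's own tooling.

# message_has_diff: read a commit message on stdin; succeed (exit 0) when it
# contains lines a patch tool would treat as part of a patch:
#   - a "diff --git a/... b/..." header
#   - a "--- <file>" or "+++ <file>" file header
#   - a "@@ -l,s +l,s @@" hunk header
# Markdown/HTML comment markers on surrounding lines change nothing: the patch
# tools see the raw text, not the rendered view, and skip lines they do not
# recognise.
message_has_diff() {
    grep -Eq '^(diff --git |--- [^ ]|[+][+][+] [^ ]|@@ -[0-9]+(,[0-9]+)? [+][0-9]+(,[0-9]+)? @@)'
}

# scan_range: run message_has_diff over every commit in a git revision range
# (for example origin/main..HEAD) and print the offending commit ids.
# Returns 1 if any message was flagged, 0 otherwise. Requires git and a
# repository; the constructed samples below do not exercise it.
scan_range() {
    range=$1
    found=0
    for sha in $(git rev-list "$range"); do
        if git log -1 --format=%B "$sha" | message_has_diff; then
            printf 'commit %s: message contains diff hunks\n' "$sha"
            found=1
        fi
    done
    return $found
}

# Constructed sample messages (not the real PR text). The safe one describes
# the test in prose; the unsafe one embeds the test change as a diff, wrapped
# in an HTML comment that a web UI would hide but a patch tool would not.
SAFE_MSG='Fix focus handling

Tested by adding a one-second sleep after the call and confirming the
race no longer reproduces.'

UNSAFE_MSG='Fix focus handling

For testing I used the following change:
<!--
--- a/src/handlers.c
+++ b/src/handlers.c
@@ -10,3 +10,4 @@
     handle_event(ev);
+    sleep(1);
-->'

# check_sample LABEL MESSAGE: report the verdict for one message.
# Returns 0 when a diff was found, 1 when the message is clean.
check_sample() {
    if printf '%s\n' "$2" | message_has_diff; then
        echo "$1: diff found"
        return 0
    fi
    echo "$1: clean"
    return 1
}

check_sample safe "$SAFE_MSG"
check_sample unsafe "$UNSAFE_MSG"
```

Wired in as a `commit-msg` hook (`message_has_diff < "$1" && exit 1`) or as `scan_range upstream/main..HEAD` in a packaging CI job, this rejects the message before anything downstream has a chance to apply it. The pattern is deliberately narrow (file and hunk headers only) so that ordinary prose with leading `+` or `-` bullet lines is not flagged.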
@zekjur gotcha - or rather: gitcha!
-
@zekjur FWIW I reported this to the git ML... let's see
-
@zekjur@mas.to Wow, great example of the beautiful abstract layer provided by Modern Frontend™ broken by underlying email-based infrastructure.
-
@zekjur i wonder if this works when the diff is hidden within a markdown comment <!-- like this -->
That could be an extremely bad vulnerability
-
@zekjur genuinely why would this ever be the case in the modern day
-
@zekjur Ohh, that's nasty :D
-
@funbaker yes those work in markdown
-
@zekjur oh, that's hilarious
-
@zekjur well there ya go. You put the entire code of your malicious repo in the commit message and just put decoy code as the repo src.
-
@zekjur classic lack of separation of in-band vs. out-of-band. Very similar to how many security vulnerabilities get created, including some of the recent gpg.fail vulnerabilities.
-
@zekjur weird little footguns
-
@zekjur For being a central component of software development, "unified context diff" files are surprisingly fragile.
- Tools are supposed to skip "garbage" lines and apply everything that looks like a diff (this is what's happening here).
- Creating and deleting files is done via implementation-specific hacks. GNU patch for example cannot create or delete an empty file.
- The format of file names is standardized, but the definition is lacking (see above), so Git does something else.
etc.
-
@zekjur Why would someone design it like that? What's the possible use case for this behavior?
-
@zekjur Just fucking stop using github.