
Re: Subscribing Apple people to git-security@xxxxxxxxxxxxxxxx




+Akila

Hi,

Replies inline.

> On Jul 2, 2018, at 12:50, Jeff King <peff@xxxxxxxx> wrote:
> 
> On Mon, Jul 02, 2018 at 09:29:41PM +0200, Christian Couder wrote:
> 
>> When people complained a month ago about the MacOS package on
>> https://git-scm.com/ not being up-to-date after the Git security
>> release, I got in touch with Apple people GitLab has been working with
>> to see if they could help on this.
> 
> Unfortunately I don't think this will quite solve the issue we had, just
> because people get their copy of Git in various ways. So Homebrew
> updated pretty promptly, but people going to git-scm.com to find a
> binary package were left without help. Likewise, this will help people
> getting Git as part of XCode, but not people getting the package from
> git-scm.com.
> 
> All that said, I'm happy to get as many binary packagers into the loop
> as early as possible. It can only help, even if it doesn't solve all
> problems. :)
> 
>> Please add these addresses to the git-security mailing list:
>>    jeremyhu@xxxxxxxxx
>>    akilsrin@xxxxxxxxx
>>    dt-epm@xxxxxxxxxxxxxxx
> 
> Done.
> 
>> Please add these GitHub accounts to the cabal repo:
>>    jeremyhu
> 
> Done.
> 
>>    productsecurityOSSapple
> 
> I couldn't find that account. Is it maybe a team name within the apple
> org or something?

This is the account name I got from Akila.  Akila, can you please work with Jeff to get this sorted?  In the meantime, I have access.

>> I am also personally very happy with the Apple developers' willingness
>> to get involved and help.
> 
> Yes, welcome aboard!
> 
> I hope that maybe they're also interested in reducing the overall diff
> between upstream Git and what ships with XCode. Last time I looked
> (which was admittedly a while ago), a lot of the changes seemed like
> things that could probably be considered upstream.

I'm very very interested in having reduced differences between what we ship in Xcode and what is upstream.  I've been maintaining a repo with our patches that I rebase as we move forward, in the hope that these changes might be useful to others and a derivative of them might eventually be accepted upstream.  See https://github.com/jeremyhu/git/commits/master for the current set of changes that are in our shipping git (currently on top of 2.17.1).

Thanks,
Jeremy


> 
> -Peff