[PATCH] Do not load user or system gitconfig and gitattributes

Jason A. Donenfeld Jason at zx2c4.com
Mon Apr 8 21:42:16 CEST 2013

On Mon, Apr 8, 2013 at 9:37 PM, Ferry Huberts <mailings at hupie.com> wrote:
> John's patch has a 'no override' here, which I think is better.

IMHO, cgit should _not_ process system wide or environmental
configuration data, both to eliminate potential security holes and to
ensure that git will behave deterministically.

> Also I like the place where John sets these up better, at the start of
> execution.

I'd like to restore HOME in case it's useful later on in cgit
development, which means unsetting it in main() isn't so great. As
well, prefer to do the git initialization in one isolated place, in
which we can have a careful idea of what the state of the program is,
rather than saying "oh, somewhere it was setup, hopefully things are
okay, I'll initialize something now here." In my patch, the relevant
git environment variables are set/unset in the same place as GIT_DIR.

More information about the CGit mailing list