
From: Stefan Sperling <stsp@stsp.name>
Subject: Re: editor in got.conf
To: Tracey Emery <tracey@traceyemery.net>
Cc: gameoftrees@openbsd.org
Date: Sun, 13 Sep 2020 08:20:11 +0200

On Fri, Sep 11, 2020 at 04:38:36PM -0600, Tracey Emery wrote:
> On Fri, Sep 11, 2020 at 08:39:54PM +0200, Stefan Sperling wrote:
> > I had started writing a patch to allow configuring an editor via
> > got.conf. But then I realized that this does not seem safe.
> > 
> > The editor is an arbitrary command and neither pledge nor unveil can
> > impose any restrictions on it. If a repository is shared between users
> > then arbitrary command execution as one of the other users would be
> > possible by configuring a malicious editor command in the repository's
> > got.conf file.
> > 
> > So instead of implementing this feature I would like to document
> > why it is being rejected.
> > 
> > Am I being too paranoid?
> > 
> 
> No, and it's a weird "feature" anyway. I can't imagine wanting to use
> one editor on a repo and a different editor on another.
> 
> Do people actually do that? If the answer is yes, then the explanation
> below would be needed. If the answer is no, I don't see a need, but
> that's just me.

Git has a config knob for this of course (core.editor).
So I figure someone will want to set their editor via got.conf
at some point.

Not everyone is prudent about setting up environment variables.
I received a confused bug report where a user fell into /bin/ed
because they hadn't set up their environment. They didn't recognize
ed as such, and concluded that 'got import' had frozen up. In our
conversation the question arose whether users really need to tweak
their shell profile to avoid this behaviour. By now I believe the
answer is "yes" (and using ed as default editor is pretty effective
at catching people who haven't set up their environment).

Also consider that some people use multiple editors and will be looking
for a per-application config knob they could use.
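
Added example, not part of the original message and not code from Got: a C sketch of the trust problem raised in the thread, where an editor command read from a config file is used only if that file is owned by the invoking user and is not writable by group or others. The helper names, the VISUAL and EDITOR lookups, the constructed editor path and the ownership policy itself are assumptions made for illustration; the thread proposes rejecting the feature, not this check.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 only if the config file is a regular
 * file owned by `me` and not writable by group or others. */
int
conf_is_trusted(const char *path, uid_t me)
{
	struct stat sb;

	if (stat(path, &sb) == -1)
		return 0;	/* missing or unreadable: do not trust */
	if (!S_ISREG(sb.st_mode))
		return 0;
	if (sb.st_uid != me)
		return 0;	/* created by another user of a shared repository */
	if (sb.st_mode & (S_IWGRP | S_IWOTH))
		return 0;	/* other users could have edited the command */
	return 1;
}

/* Hypothetical helper: the config value is honoured only from a trusted
 * file; otherwise fall back to the environment, then to ed. */
const char *
choose_editor(const char *conf_path, const char *conf_editor)
{
	const char *e;

	if (conf_editor != NULL && conf_is_trusted(conf_path, getuid()))
		return conf_editor;
	if ((e = getenv("VISUAL")) != NULL && *e != '\0')	/* assumed lookup order */
		return e;
	if ((e = getenv("EDITOR")) != NULL && *e != '\0')
		return e;
	return "/bin/ed";
}

int
main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : "got.conf";

	/* "/constructed/editor" is a constructed sample value */
	printf("%s\n", choose_editor(path, "/constructed/editor"));
	return 0;
}
```

The check covers only the file's owner and mode bits; it says nothing about whether the configured command is itself safe to run.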