)]}' { "commit": "b88b58b670be36f332285e1818695ac45b5be5b3", "tree": "852e4201ce2424ff40cc3900f572400c7a63d371", "parents": [ "8357e942dd9da82884a4e1b6e4697479153d0496" ], "author": { "name": "Jonathan Nieder", "email": "jrn@google.com", "time": "Wed Oct 25 14:19:06 2017 -0700" }, "committer": { "name": "David Pursehouse", "email": "dpursehouse@collab.net", "time": "Wed Oct 25 23:05:13 2017 +0000" }, "message": "CloneWithCommitMsgHook: Stop passing --insecure to curl\n\nValidating certs is an important feature of HTTPS that we should not\ndisable, especially when downloading code that is going to be trusted.\n\nThis \"curl\" invocation does not take place until after a successful\n\"git clone\", so the -k option would not be useful for dealing with\nmisconfigured https servers. Any configuration that needs -k would\nalready be broken because of the \"git clone\" that comes before it.\n\nReported-by: Gert van Dijk \u003cgertvdijk@gmail.com\u003e\nBug: Issue 7562\nChange-Id: Ibe14bba5c1ce30a771515ff7985796aa1b8cdadf\n", "tree_diff": [ { "type": "modify", "old_id": "79cf18756419dad8c33a72d29d41df3fa4057a04", "old_mode": 33188, "old_path": "src/main/java/com/googlesource/gerrit/plugins/download/command/CloneWithCommitMsgHook.java", "new_id": "a0ed759dadb4aa7a37738ba23c01a869ba80835c", "new_mode": 33188, "new_path": "src/main/java/com/googlesource/gerrit/plugins/download/command/CloneWithCommitMsgHook.java" } ] }