@@ -42,13 +42,13 @@ This edition covers what happened during the months of February and March 2026.
4242
4343 The incident had originated in the i3 window manager project, where a
4444 commit message contained an unindented diff for illustration purposes.
45- When Debian packagers later applied the patch using patch(1) , the diff
45+ When Debian packagers later applied the patch using ` patch ` , the diff
4646 in the commit message was applied as actual code, sneaking a spurious
47- ` sleep(1) ` call into the Debian unstable package. Matthias asked the
47+ ` sleep ` call into the Debian unstable package. Matthias asked the
4848 list whether this was a known issue and whether it could be an attack
4949 vector.
5050
51- To understand why this happens, it helps to know how git-am(1) parses
51+ To understand why this happens, it helps to know how ` git am ` parses
5252 its input. When processing a patch email, it must split the stream into
5353 two parts: the commit message and the actual patch to apply. It does
5454 this by treating the first occurrence of any of the following lines as
@@ -59,23 +59,23 @@ This edition covers what happened during the months of February and March 2026.
5959 - a line beginning with ` Index: ` .
6060
6161 Everything before that boundary becomes the commit message; everything
62- after is fed to the patch application machinery. Crucially, git-am(1)
62+ after is fed to the patch application machinery. Crucially, ` git am `
6363 scans from the top of the email, so the very first such line it
6464 encounters terminates the commit message regardless of whether that
6565 line was meant to be part of the message text.
6666
6767 This design dates back to the tool's origins. As Jeff King (also known
68- as "Peff") quickly explained in reply to Matthias, git-am(1) was
68+ as "Peff") quickly explained in reply to Matthias, ` git am ` was
6969 originally designed to handle patches sent by all kinds of people, not
7070 just Git users. A contributor might have generated a diff with plain
7171 GNU ` diff ` and typed the rest of the email by hand, without any ` --- `
7272 separator. The tool was therefore intentionally permissive: it would
7373 find a ` diff - ` line anywhere in the email and treat it as the start
7474 of the patch. Peff demonstrated this with a live example. He fed
75- git-am(1) a hand-typed email containing a GNU diff, and it produced the
75+ ` git am ` a hand-typed email containing a GNU diff, and it produced the
7676 expected commit.
7777
78- This historical context also explained why git-am(1) is notoriously
78+ This historical context also explained why ` git am ` is notoriously
7979 hard to fix: "I don't think there is a way to unambiguously parse the
8080 single-stream output that format-patch produces," Peff wrote, noting
8181 that he could find at least three earlier discussions of the same
@@ -93,54 +93,54 @@ This edition covers what happened during the months of February and March 2026.
9393 someone should be reading the commit message before applying. But
9494 Matthias pushed back: the whole point was that nobody realized the
9595 behavior was there. He called it "sheer luck" that it was only a
96- ` sleep(1) ` and not something more malicious crafted as a diff in the
96+ ` sleep ` and not something more malicious crafted as a diff in the
9797 commit message.
9898
99- Florian Weimer wondered whether the git- format-patch(1) output was
99+ Florian Weimer wondered whether the ` git format-patch ` output was
100100 really ambiguous, given that the patch section is normally preceded by
101101 a diffstat block. Peff replied that the diffstat is optional and is not
102102 even parsed by the receiving side at all.
103103
104- Jakob Haufe added an important nuance: even if git-am(1) was fixed to
104+ Jakob Haufe added an important nuance: even if ` git am ` was fixed to
105105 require indented diffs, it would only partially mitigate the problem,
106- because patch(1) (which many distributions use to apply upstream
106+ because ` patch ` (which many distributions use to apply upstream
107107 fixes to packages) is even more permissive. It will strip a consistent
108108 level of indentation from diffs before applying them. He quoted the
109109 patch(1) manual page: "If the entire diff is indented by a
110110 consistent amount, [ ...] this is taken into account." The i3 incident
111- had in fact been triggered by patch(1) , not git-am(1) .
111+ had in fact been triggered by ` patch ` , not ` git am ` .
112112
113113 Kristoffer Haugsbakk synthesized this into a clear summary of the
114114 situation and immediately proposed documenting it.
115115
116116 Matthias also highlighted the broader applicability beyond email
117117 workflows: Linux distributions like NixOS routinely fetch patches
118118 directly from upstream Git repositories and apply them to packages
119- using patch(1) . He noted that even after 15 years of using Git and
119+ using ` patch ` . He noted that even after 15 years of using Git and
120120 being comfortable with email patch workflows, he himself had not known
121121 about this behavior.
122122
123123 Several directions were then explored to look for solutions.
124124
125- Peff observed the irony that git- format-patch(1) does have a ` --attach `
125+ Peff observed the irony that ` git format-patch ` does have an ` --attach `
126126 option which puts the message and the patch in separate MIME parts —
127- making them unambiguous in principle. However, git- mailinfo(1) (which
128- powers git-am(1) under the hood) decodes both parts into a single
127+ making them unambiguous in principle. However, ` git mailinfo ` (which
128+ powers ` git am ` under the hood) decodes both parts into a single
129129 stream and still treats a ` diff ` line in the message part as the start
130130 of a patch. Fixing this would require careful surgery to avoid
131131 breaking the existing forgiving handling of patches received as a
132132 single attachment.
133133
134134 Patrick Steinhardt suggested that even if parsing cannot be made
135- unambiguous, git-am(1) could at least detect the ambiguity and bail by
135+ unambiguous, ` git am ` could at least detect the ambiguity and bail by
136136 default with an ` --accept-ambiguous-patch ` override. Jacob Keller
137137 proposed going further: a new "unambiguous mode" where
138- git- format-patch(1) would produce output that new versions of git-am(1)
138+ ` git format-patch ` would produce output that new versions of ` git am `
139139 could distinguish unambiguously, while old versions would still handle
140140 the common case the same way as before.
141141
142142 Jacob had also sketched a concrete scheme: add a new unambiguous
143- marker after the ` --- ` separator, so that old versions of git-am(1)
143+ marker after the ` --- ` separator, so that old versions of ` git am `
144144 would still cut at the ` --- ` and ignore everything up to the diff, while
145145 new versions would wait for the new marker and correctly ignore any
146146 diff appearing before it. Since the new marker would come after ` --- ` ,
@@ -152,7 +152,7 @@ This edition covers what happened during the months of February and March 2026.
152152 multiple markers. He explored further options: reversible quoting of
153153 ` --- ` and ` diff ` lines in the commit message (analogous to the ` >From `
154154 quoting used in mbox files), applied only when the message would
155- otherwise be ambiguous. This way, if an older git-am(1) received the
155+ otherwise be ambiguous. This way, if an older ` git am ` received the
156156 mail, the worst case would be visible quoting in the commit message —
157157 ugly but readable. Junio Hamano, the Git maintainer, added another
158158 thought: refusing to accept unsigned patches at all.
@@ -216,7 +216,7 @@ This edition covers what happened during the months of February and March 2026.
216216 message for unindented ` diff - ` and ` Index: ` lines and reject the
217217 commit with a helpful error message.
218218 3 . Added a further check to detect ` --- ` separator lines in the message
219- body, which would cause git-am(1) to silently truncate the commit
219+ body, which would cause ` git am ` to silently truncate the commit
220220 message.
221221
222222 Peff reacted with measured skepticism to patch 3 in
@@ -234,7 +234,7 @@ This edition covers what happened during the months of February and March 2026.
234234
235235 Peff confirmed he used the same trick. Phillip, acknowledging that at
236236 least three developers relied on this behavior, decided to drop patch 3
237- entirely, reducing the series from three patches to two, in
237+ entirely, reducing the series from three patches to two in
238238 [ version 2] ( https://lore.kernel.org/git/cover.1770993281.git.phillip.wood@dunelm.org.uk ) .
239239 He also refined the diff detection in the body: the v2 correctly skips
240240 the first paragraph of the message (which becomes the email Subject
@@ -248,7 +248,7 @@ This edition covers what happened during the months of February and March 2026.
248248 --cleanup=scissors --verbose` and was satisfied.
249249
250250 The discussion did not lead to a fundamental fix to the ambiguous
251- parsing in git-am(1) , which remains an open problem with no obvious
251+ parsing in ` git am ` , which remains an open problem with no obvious
252252 backward-compatible solution. But it produced two concrete
253253 improvements that were accepted and are now in ` master ` : a CAVEATS
254254 section in the documentation for git-am(1), git-format-patch(1), and
@@ -258,11 +258,11 @@ This edition covers what happened during the months of February and March 2026.
258258
259259 The thread also served as a useful reminder that this problem is not
260260 limited to email workflows: any project that generates patches from
261- Git commits using git- format-patch(1) and applies them with patch(1)
262- or git-am(1) is exposed to it. The practical advice for authors is
261+ Git commits using ` git format-patch ` and applies them with ` patch `
262+ or ` git am ` is exposed to it. The practical advice for authors is
263263 simple: if you include diffs in commit messages for illustrative
264264 purposes, make sure to indent them consistently, and be aware that
265- even that does not protect you from patch(1) .
265+ even that does not protect you from ` patch ` .
266266
267267## Developer Spotlight: Olamide Caleb Bello
268268
@@ -276,7 +276,7 @@ As always, we welcome your thoughts and feedback!_
276276
277277 I’m Olamide Caleb Bello, a software engineer based in Nigeria. I studied
278278 Economics, but I’ve always been curious about technology and how
279- Systems work behind the scenes. That curiosity led me to start teaching
279+ systems work behind the scenes. That curiosity led me to start teaching
280280 myself web development, and over time I found myself drawn more
281281 towards backend and systems-oriented work.
282282
0 commit comments