> If you can't trust your local filesystem, you are screwed. You are right, I trust my file system. But if our team had central repo with ssh access to that machine, every developer can hack central repo. Whould git-clone/git-fetch warn me about this ? My own test with (another) local repo says: lan@lan:~/tmp/git/test> git clone 1 2 Generating pack... Done counting 3 objects. Deltifying 3 objects. 100% (3/3) done Total 3, written 3 (delta 0), reused 0 (delta 0) error: git-checkout-index: unable to read sha1 file of a (3609f20ebd357679b111783e8afaf36ec46427f3) It can't checkout object (3609f20ebd357679b111783e8afaf36ec46427f3 is the original file). It seems packed repos are safe from this point. - : send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html