Suggested reading: http://git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html I am wondering if we are better off applying something along the lines of this patch, so that with the default configuration, users can notice if their upstream unexpectedly rewound their branches. It would produce [remote] url = git://.../git.git/ fetch = refs/heads/*:refs/remotes/origin/* upon cloning from my repository, and your "git fetch" will fail because the pu (proposed updates) branch is constantly unwinding, but that can be easily fixed with [remote] url = git://.../git.git/ fetch = refs/heads/*:refs/remotes/origin/* fetch = +refs/heads/pu:refs/remotes/origin/pu as the explicit refspec trumps the wildcard one. builtin/remote.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/builtin/remote.c b/builtin/remote.c index f2a9c26..081fbbf 100644 --- a/builtin/remote.c +++ b/builtin/remote.c @@ -116,11 +116,11 @@ static int add_branch(const char *key, const char *branchname, const char *remotename, int mirror, struct strbuf *tmp) { strbuf_reset(tmp); - strbuf_addch(tmp, '+'); - if (mirror) + if (mirror) { + strbuf_addch(tmp, '+'); strbuf_addf(tmp, "refs/%s:refs/%s", branchname, branchname); - else + } else strbuf_addf(tmp, "refs/heads/%s:refs/remotes/%s/%s", branchname, remotename, branchname); return git_config_set_multivar(key, tmp->buf, "^$", 0); -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html