Roberto Tyley <roberto.tyley@xxxxxxxxx> writes: > Here's an unmodified repo, in which the user unwisely committed a > database password: > > https://github.com/bfg-repo-cleaner-demos/gma-demo-repo-original/commit/8c9cfe3c > > The unwise commit is reverted with a second commit using 'git revert', > which obviously leaves the password in Git history, and - some time > later - it's decided to properly clean the repo history with > git-filter-branch & git gc, purging the password so the repo can be > more widely shared (open-sourced, or just externally hosted). > > git-filter-branch works exactly as intended, purging the password, but > the one thing it does not- typically - do is update the commit > message.... > .... The git-filter-branch command has a --msg-filter option > which could be used for this purpose, with the application of some > judicious bash-scripting, grep&sed-ing. However, I must confess that I > believe users would be better advised to use The BFG: > > http://rtyley.github.io/bfg-repo-cleaner/ With or without the security issue, leaving old object names that will become irrelevant in the rewritten history will make the resulting history less useful, simply because people cannot look at the objects these messages refer to. The same argument is behind the reason why "cherry-pick -x" was originally the default, found to be a mistake and made optional. filter-branch provides "map" helper function to help mapping old object names to rewritten object names, but stops there; it leaves it up to the message filter script to identify what string in the message is an object name to be rewritten. It can be taught to be more helpful to the message filter writers, and you seem to have done so in BFG, which is very good. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html