Jeff King <peff@xxxxxxxx> writes:

> ... It is not thinking about what secret things are hitting the
> master that you are pushing, no matter how they got there.
>
> I agree there is a potential workflow (that you have laid out) where
> such lying can cause an innocent-looking sequence of events to disclose
> the secret commits. And again, I don't mind a note in the documentation
> mentioning that. I just have trouble believing it's a common one in
> practice.

I'd say I agree with the above. I am not sure how easily people employing common workflows can be tricked into the scenario Matt presented, either, but I do not think it would hurt to warn people that they need to be careful not to pull from or push to an untrustworthy place, or push things they are not sure are clean.

> The reason I brought up the delta thing, even though it's a much harder
> attack to execute, is that it comes up in much more common workflows,
> like simply fetching from a private security-sensitive repo into your
> "main" public repo (which is an example you brought up, and something I
> know that I have personally done in the past for git.git).

Yup.