Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> writes:

> Documentation/fetch-push-security.txt | 9 +++++++++

A new (consolidated) piece like this that can be included in multiple
places is a good idea. I wonder if the original description in
"namespaces" thing can be moved here and then "namespaces" page can
be made to also borrow from this?

> Documentation/git-fetch.txt | 2 ++
> Documentation/git-pull.txt | 2 ++
> Documentation/git-push.txt | 2 ++
> 4 files changed, 15 insertions(+)
> create mode 100644 Documentation/fetch-push-security.txt
>
> diff --git a/Documentation/fetch-push-security.txt b/Documentation/fetch-push-security.txt
> new file mode 100644
> index 0000000..00944ed
> --- /dev/null
> +++ b/Documentation/fetch-push-security.txt
> @@ -0,0 +1,9 @@
> +SECURITY
> +--------
> +The fetch and push protocols are not designed to prevent a malicious
> +server from stealing data from your repository that you did not intend to
> +share. The possible attacks are similar to the ones described in the
> +"SECURITY" section of linkgit:gitnamespaces[7]. If you have private data
> +that you need to protect from the server, keep it in a separate
> +repository.

Yup, and then "do not push to untrustworthy place without checking
what you are pushing", too?

> diff --git a/Documentation/git-fetch.txt b/Documentation/git-fetch.txt
> diff --git a/Documentation/git-pull.txt b/Documentation/git-pull.txt
> diff --git a/Documentation/git-push.txt b/Documentation/git-push.txt

These three look sensible.
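
Review bot: The sentence "The possible attacks are similar to the ones described in the "SECURITY" section of linkgit:gitnamespaces[7]" in the new fetch-push-security.txt leaves the threat undefined on the pages this file is meant for (git-fetch, git-pull and git-push, per the diffstat). A reader there learns that a malicious server can steal data, but not which data is exposed or during which operation, and has to follow a link to a different manual page to find out. Suggest stating the attack in a sentence or two in this file rather than by analogy. The only mitigation given is "keep it in a separate repository"; if there is anything a user can check before fetching or pushing, it belongs in the same paragraph.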