On Mon, 2016-11-14 at 11:00 -0800, Junio C Hamano wrote: > Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> writes: > > > > > > > > > Yup, and then "do not push to untrustworthy place without > > > checking > > > what you are pushing", too? > > > > If there is no private data in the repository, then there is no > > need > > for the user to check what they are pushing. As I've indicated > > before, > > IMO manually checking each push would not be a workable security > > measure in the long term anyway. > > Then what is? Don't put private data in the same repository, then the whole issue becomes moot. Am I missing something? Matt