On Sun, Nov 11 2018, Duy Nguyen wrote: > On Sun, Nov 11, 2018 at 1:33 PM Ævar Arnfjörð Bjarmason > <avarab@xxxxxxxxx> wrote: >> The users who need protection against git deleting their files the most >> are exactly the sort of users who aren't expert-level enough to >> understand the nuances of how the semantics of .gitignore and "precious" >> are going to interact before git eats their data. >> >> This is pretty apparent from the bug reports we're getting about >> this. None of them are: >> >> "Hey, I 100% understood .gitignore semantics including this one part >> of the docs where you say you'll do this, but just forgot one day >> and deleted my work. Can we get some more safety?" >> >> But rather (with some hyperbole for effect): >> >> "ZOMG git deleted my file! Is this a bug??" >> >> So I think we should have the inverse of this "precious" >> attribute". Just a change to the docs to say that .gitignore doesn't >> imply these eager deletion semantics on tree unpacking anymore, and if >> users want it back they can define a "garbage" attribute >> (s/precious/garbage/). >> >> That will lose no data, and in the very rare cases where a checkout of >> tracked files would overwrite an ignored pattern, we can just error out >> (as we do with the "Ok to overwrite" branch removed) and tell the user >> to delete the files to proceed. > > There's also the other side of the coin. If this refuse to overwrite > triggers too often, it can become an annoyance. So far I've seen two > reports of accident overwriting which make me think turning precious > to trashable may be too extreme. Plus ignored files are trashable by > default (or at least by design so far), adding trashable attribute > changes how we handle ignored files quite significantly. Yeah I'm not trying to make the argument that we should just go with these user bug reports, clearly that's just going to give us selection bias and we could continue to flip between the two behaviors with that approach. Just that an advanced opt-in feature to prevent dataloss will not prevent it in practice. Is taking my patch the right thing? I don't know. I'm leaning in that direction, but more making a devil's advocate argument to see if anyone finds good cases that'll demonstrate how it's bad. I haven't read/seen them so far, and the test suite didn't have any. I did go through the list archives as Junio suggested in https://public-inbox.org/git/7viq39avay.fsf@xxxxxxxxxxxxxxxxxxxxxxxx/ and found these two: https://public-inbox.org/git/?q=d%3A20070301..20070331+verify_absent It seems to me that the reason we ended up with this behavior is a bug report from Shawn that was describing a similar but not quite the same problem: "[...]a bug in read-tree -m that prevents him from switching branches when the type of a path changes between a directory and a file.[...]" That's not the same as when a now-tracked file clobbers a .gitignored file. As far as I can tell (but may not have read carefully enough) that wasn't a problem anyone reported, but was changed while fixing another bug in c81935348b ("Fix switching to a branch with D/F when current branch has file D.", 2007-03-15).
