On Wed, Jan 15, 2020 at 03:18:34AM +0000, 1234dev wrote: > To work around this problem, should we instead host this repo on a > public service? If so which one would you recommend? Oops, I forgot to mention the actual solution. :) Generally it is safe to clone _from_ an untrusted repo, even if it's on a local filesystem. So untarring the repo and running: git clone evil.git safe cd safe git log should make it OK to run Git commands inside the "safe" directory. Jonathan Nieder also mentioned using a bundle file, which may be even simpler, as it skips the part where you have to deal with tar. :) Run: git bundle create foo.bundle --all on the sending side, and then you can just: git clone foo.bundle safe on the receiving side. -Peff
