Jeff King <peff@xxxxxxxx> writes:

> On Wed, Jan 15, 2020 at 03:18:34AM +0000, 1234dev wrote:
>
>> To work around this problem, should we instead host this repo on a
>> public service? If so which one would you recommend?
>
> Oops, I forgot to mention the actual solution. :)
>
> Generally it is safe to clone _from_ an untrusted repo, even if it's on
> a local filesystem. So untarring the repo and running:
>
>   git clone evil.git safe
>   cd safe
>   git log
>
> should make it OK to run Git commands inside the "safe" directory.

Then there are those who are even more paranoid to consider that
foreign bits hitting their disk platter ^W^W working tree poses
risks (e.g. by background thumbnailers crawling there, getting
exploited by checked out payloads that are not trustworthy). ;-)
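
The advice above, checked on constructed repositories (an added example, not part of the original message): a clone carries over the history but not the source's .git/config entries or hooks, and cloning with --no-checkout also keeps the files out of the working tree. The example.marker key, the hook body and the directory names are made up for the demonstration, and --no-checkout is an assumption about how to handle the "paranoid" case, not something the message proposes.

```sh
#!/bin/sh
# Added example: every repository here is constructed in a temp directory.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for the untarred evil.git: one commit, plus repo-local state
# (a config entry and a hook) of the kind that arrives with a tarball.
make_untrusted_repo() {
    git init -q "$1"
    echo data > "$1/file.txt"
    git -C "$1" add file.txt
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "initial"
    git -C "$1" config example.marker from-tarball   # hypothetical key
    mkdir -p "$1/.git/hooks"
    printf '#!/bin/sh\necho "hook ran"\n' > "$1/.git/hooks/post-checkout"
    chmod +x "$1/.git/hooks/post-checkout"
}

# Count which of the two markers a repository carries (0, 1 or 2).
inherited_settings() {
    n=0
    if git -C "$1" config --local --get example.marker >/dev/null; then
        n=$((n + 1))
    fi
    if [ -e "$1/.git/hooks/post-checkout" ]; then n=$((n + 1)); fi
    echo "$n"
}

# Count entries in the working tree, ignoring .git itself.
worktree_entries() {
    echo $(( $(ls -A "$1" | grep -v '^\.git$' | wc -l) ))
}

make_untrusted_repo "$WORK/evil.git"
git clone -q "$WORK/evil.git" "$WORK/safe"
git clone -q --no-checkout "$WORK/evil.git" "$WORK/safe-bits-only"

for r in evil.git safe safe-bits-only; do
    echo "$r: settings=$(inherited_settings "$WORK/$r")" \
         "commits=$(git -C "$WORK/$r" rev-list --count HEAD)" \
         "worktree=$(worktree_entries "$WORK/$r")"
done
```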