On August 19, 2020 2:48 PM, Lukas Straub wrote: > To: Junio C Hamano <gitster@xxxxxxxxx> > Cc: git <git@xxxxxxxxxxxxxxx>; Elijah Newren <newren@xxxxxxxxx>; > Brandon Williams <bwilliams.eng@xxxxxxxxx>; Johannes Schindelin > <Johannes.Schindelin@xxxxxx>; Jeff King <peff@xxxxxxxx> > Subject: Re: [RFC PATCH 0/2] Allow adding .git files and directories > > On Wed, 19 Aug 2020 11:03:30 -0700 > Junio C Hamano <gitster@xxxxxxxxx> wrote: > > > Lukas Straub <lukasstraub2@xxxxxx> writes: > > > > > These patches allow this and work well in a quick test. Of course > > > some tests fail because with this the handling of nested git repos > changed. > > > > In other words, this breaks the workflow existing users rely on, > > right? I do not know if such a behaviour ever needs to exist even as > > an opt-in feature, but it definitely feels wrong to make the behaviour > > these patches introduce the default. > > Well, the current behavior is that nested repos (that are not submodules) are > completely ignored and none of the files within can be added. So the old > behavior can be restored with .gitignore. The same goes for files/dirs named > .git. > > Of course I don't know what the current policy for behavioral changes in git > is, but I see that there have been such changes in the past. I honestly am concerned about a repeat of things like https://nvd.nist.gov/vuln/detail/CVE-2019-19604 (the submodule update problem). This change in behaviour is of serious concern from a risk standpoint. To be blunt, I don't think users on my platform will move to a version of git that supports this by default. Sincerely, Randall -- Brief whoami: NonStop developer since approximately 211288444200000000 UNIX developer since approximately 421664400 -- In my real life, I talk too much.
