On 2022-01-17 at 22:39:12, John A. Leuenhagen wrote:
> I've been trying to work with the core.sharedRepository option today.
>
> Based on the wording in the man page, I was under the impression that
> this would affect all files in any type of repository (bare or not), but
> it seems as though this is not the case. It affects bare repositories as
> one would expect, but it only affects the .git directory on non-bare
> repositories. The working tree is not affected by the option at all.
>
> I doubt that I'm the first person to encounter this issue, and I'm not
> sure why this behavior would be desirable. If for some reason it is
> discouraged to share a working tree between users in a group, I don't
> believe this option should affect non-bare repositories at all; there
> should be a warning about any dangers associated with this kind of
> setup instead.

I can't speak to how this feature is supposed to work on the working
tree, but it is generally the case that users should not share a working
tree. Any user who can modify the configuration can cause arbitrary
code to be executed by every other user of the repository when they run
almost any Git command. The only safe thing to do with an untrusted
repository is perform a clone or fetch from it.

It may be in your case that all the users are trusted (e.g., all system
administrators), but in general it's strongly recommended that users not
share a working tree. There'll be an entry in the FAQ describing this
in the future.

That doesn't mean that this feature couldn't be extended to handle the
working tree, but I did want to provide some context on why working
trees aren't intended to be shared.

--
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA
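
A defensive check for the situation the reply describes, as an added example that is not part of the original message or of Git: it reports entries under `.git` (the directory itself, `config`, `hooks` and the hook files) that someone other than the trusted user could modify. The names `audit_git_dir` and `build_sample`, the choice of entries to inspect, and the constructed sample layout are assumptions of this example, which also assumes a POSIX system.

```python
import os
import stat
import tempfile

# Entries under .git that Git reads or runs during ordinary commands.
SENSITIVE = ("config", "hooks")

def audit_git_dir(git_dir, trusted_uid=None):
    """Return (path, reason) findings for entries other users could modify."""
    if trusted_uid is None:
        trusted_uid = os.getuid()  # assumption: auditing for the current user
    targets = [git_dir]
    for name in SENSITIVE:
        path = os.path.join(git_dir, name)
        if os.path.lexists(path):
            targets.append(path)
            if os.path.isdir(path) and not os.path.islink(path):
                targets += [os.path.join(path, f) for f in sorted(os.listdir(path))]
    findings = []
    for path in targets:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))  # target may live outside the repo
            continue
        if st.st_uid != trusted_uid:
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings

def build_sample(config_mode):
    """Constructed layout: a bare-bones .git with a config file and one hook."""
    git_dir = os.path.join(tempfile.mkdtemp(), ".git")
    hooks = os.path.join(git_dir, "hooks")
    os.makedirs(hooks)
    for path, mode in ((git_dir, 0o755), (hooks, 0o755)):
        os.chmod(path, mode)
    for path, mode in ((os.path.join(git_dir, "config"), config_mode),
                       (os.path.join(hooks, "pre-commit"), 0o755)):
        with open(path, "w") as fh:
            fh.write("")
        os.chmod(path, mode)
    return git_dir

if __name__ == "__main__":
    for path, reason in audit_git_dir(build_sample(0o664)):
        print(reason, path)
```

Any finding means the repository should be treated as untrusted in the sense of the reply: clone or fetch from it rather than running Git commands inside it.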