Taylor Blau <me@xxxxxxxxxxxx> writes:

> Is the proposal to only detect bare repositories that are called `.git`?
> I think that's what you're suggesting, though can't we just as easily
> embed a bare repository named ".git" in a clone as long as it's not in
> the root directory?

I do not think "you can use your bare repository as before ONLY if the
directory is named .git; otherwise you must use GIT_DIR to point at it"
would fly; Glen's exception may help many uses of ".git subdirectory of a
non-bare repository as if it were a bare" you can find in tests, but does
not help real-world use cases where there may be a bunch of bare
repositories named "$project.git" at all.

But I have to point out that your attack above would not work, as we do
not allow a ".git" directory in the index to begin with. IOW, you as an
attacker may be able to prepare such a tree with nonstandard tools, but
the victim won't be able to check it out (and fsck-during-transfer would
probably block the cloning).
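The two defences referred to above, as an added shell example that is not part of the thread and not git's own code: the index layer refuses any path with a ".git" component, and fsck reports a tree that was written with low-level plumbing (git mktree does not run the path check) so that it carries a ".git" entry. It assumes a `git` binary on PATH; everything is built in throwaway temp directories with no network access.

```shell
#!/bin/sh
# Added example (not from the thread or from git). Assumes `git` on PATH.

# Returns 0 when update-index refuses every path containing a ".git" component.
index_rejects_dotgit() {
  repo=$(mktemp -d) || return 1
  (
    cd "$repo" && git init -q . || exit 1
    blob=$(printf 'gitdir: elsewhere\n' | git hash-object -w --stdin) || exit 1
    # An ordinary path is accepted by update-index ...
    git update-index --add --cacheinfo "100644,$blob,sub/README" || exit 1
    # ... but a ".git" component is refused in any case, at any depth.
    for bad in sub/.git sub/.GIT/config .Git; do
      if git update-index --add --cacheinfo "100644,$blob,$bad" 2>/dev/null; then
        exit 1   # accepted: the protection is missing
      fi
    done
  )
  rc=$?
  rm -rf "$repo"
  return $rc
}

# Returns 0 when fsck reports a crafted tree with a ".git" entry, and when
# raising the hasDotgit level to "error" makes fsck exit non-zero.
fsck_flags_dotgit_tree() {
  repo=$(mktemp -d) || return 1
  (
    cd "$repo" && git init -q . || exit 1
    blob=$(printf 'x\n' | git hash-object -w --stdin) || exit 1
    # mktree writes the entry verbatim; this is the "nonstandard tools" case.
    tree=$(printf '100644 blob %s\t.git\n' "$blob" | git mktree) || exit 1
    # hasDotgit is only a warning by default, so check the report text, not
    # just the exit status.
    git fsck --no-dangling 2>&1 | grep -qi -e dotgit -e "contains '.git'" || exit 1
    # Promoted to an error, the same check fails the run.
    if git -c fsck.hasDotgit=error fsck --no-dangling >/dev/null 2>&1; then
      exit 1   # should have failed
    fi
    echo "crafted tree $tree was reported by fsck"
  )
  rc=$?
  rm -rf "$repo"
  return $rc
}
```

Receiving-side checks use the same message ids under `receive.fsck.*` and `fetch.fsck.*`, so a server can raise hasDotgit to an error without touching local `fsck.*` settings.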