On Fri, Apr 15, 2022 at 06:18:14PM -0700, Junio C Hamano wrote:
> Taylor Blau <me@xxxxxxxxxxxx> writes:
>
> > Is the proposal to only detect bare repositories that are called `.git`?
> > I think that's what you're suggesting, though can't we just as easily
> > embed a bare repository named ".git" in a clone as long as it's not in
> > the root directory?
>
> I do not think "you can use your bare repository as before ONLY if
> the directory is named .git; otherwise you must use GIT_DIR to point
> at it" would fly; Glen's exception may help many uses of ".git
> subdirectory of a non-bare repository as if it were a bare" you can
> find in tests, but does not help real-world use cases where there
> may be a bunch of bare repositories named "$project.git" at all.

Agreed.

> But I have to point out that your attack above would not work, as we
> do not allow ".git" directory in the index to begin with. IOW, you
> as an attacker may be able to prepare such a tree with nonstandard
> tools, but the victim won't be able to check it out (and
> fsck-during-transfer would probably block the cloning).

Makes sense, and thanks for the reminder; I agree.

Thanks,
Taylor