On Thu, Apr 21, 2022 at 02:01:44PM -0700, Emily Shaffer wrote: > I don't think there is much reason to continue searching above the > first found '.git' because we disallow '.git' from being committed or > checked out, right? So this extra filesystem hunting and ceiling math > seems unnecessary to me. I know I am slightly allergic to searching > the filesystem for a parent repo to begin with, so I'm sure I've got > some bias here ;) Right; once we find a non-bare embedding repository we should absolutely stop our search. I was suggesting we could stop our search earlier for environments that use non-embedded bare repositories with a fairly deep directory structure. E.g., if you store lots of bare repositories in /data/repositories and you know that none of them are embedded, we could quickly determine whether or not the cwd is a descendent of /data/repositories and avoid the search entirely if so. > > We'd probably want to allow saying "all embedded bare repositories are > > safe to read config/hooks from", too. I hadn't considered this approach > > as a way to read some embedded repos and not others; I suspect the > > overwhelmingly common use-case would be: `git config --local > > safe.embeddedRepo '*'`. > > Ah, I dislike this option for the exact reason I mentioned - avoiding > a malicious repo being snuck in next to legitimate repos. I'd prefer > to rely on exact matching only - but as the config needs to be set by > every contributor every time the set of bare repos changes, that > sounds impossible to manage for a project which may be constantly > adding and removing these repos. I share your distaste for this sort of thing, but I think we have to recognize that there are likely to be many repos that embed dozens or more bare repos inside of them, and asking them to opt-in each one individually seems like a fairly large request for Git to make of them. > That said.... I'm biased again, but if you want to be certain of the > state of another repository in order to run tests in it... why not use > a submodule for that repository? Not a helpful comment for those > already using embedded bare repos, though ;) Exactly, re: your last sentence. > Thanks for the food for thought. Ditto! Thanks, Taylor
