Junio C Hamano <gitster@xxxxxxxxx> writes: > Derrick Stolee <derrickstolee@xxxxxxxxxx> writes: >>> - The per-repo config is not "protected" (i.e. "trusted"), because? >>> If we are not honoring a configuration in the repository, why are >>> we working in that repository in the first place? >> >> This requires an example: >> >> Some workflows use repositories stored in shared directories, >> which are writable by multiple unprivileged users. > > Isn't the reason more like "users may go spelunking random places in > the filesystem, with PS1 settings and the like that causes some > "git" command invoked automatically in their current directory, and > we want to protect these users from getting harmed by a random > repository with hostile contents in their configuration and hooks > without even realizing they have wandered into such a repository"? Hm, this is my understanding as well, i.e. `safe.directory` is meant to protect you from shared repositories that you didn't expect, but it lets you trust the shared repositories that you need (and there is no protection once you decide to trust the repo).
