status on security of embedded repos?

Hey.

A while ago there was this discussion about security issues with
respect to bare repos embedded in another repo[0][1].


I just wondered what's the status on this? Was that fixed in a way that
one can clone untrusted repos and navigate / use git commands within
them, without any risk… or is it still open?

Saw proposed patches like:
https://lore.kernel.org/git/pull.1261.git.git.1651861810633.gitgitgadget@xxxxxxxxx/#r

But it seems at least as of git 2.37.2, there's no safe.barerepository
option, yet.


Also, couldn't the same happen for non-bare repos, too, or how is that
prevented for such?


Thanks,
Chris.


[0] https://lwn.net/ml/git/kl6lsfqpygsj.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
[1] https://lwn.net/Articles/892755/


