Re: [PATCH 00/12] Fix various overly aggressive protections in 2.45.1 and friends

Johannes Schindelin wrote:
> And there is a good reason _not_ to write stuff inside the `.git/`
> directory unless you happen to be, well, Git itself: Git makes no
> guarantees whatsoever that you can write into that directory whatever you
> want. A future Git version might even write a file `.git/annex`, breaking
> `git-annex`' assumptions, and that'd be totally within the guarantees Git
> makes.

Well git-annex is hardly the only program to decide to carve out
part of .git/ for its own use. For example, git-lfs uses .git/lfs/
rather similarly.

Anyway, I hope I can ask nicely and not have the git developers choose
to use .git/annex/ for something. Since it would cause a large amount of
pain to a large number of users, who would all have to rebase histories
of (often massive) git repos to update symlinks pointing there.

> No, the vulnerability that triggered this defense-in-depth was not
> CVE-2024-32021, but instead CVE-2024-32002, a critical security issue.

Ahh, thanks, I understand the concerns a little bit better now.

-- 
see shy jo
