git "security" overengineering (reaction to safe.directory)

I think the breaking feature of `safe.directory` config -- within the basic CLI
is a dubious development decision.

The thing is, `git` is fine as it's been for the last few years, and it doesn't
really need any features, especially breaking ones.
This is, of course, boring for its current maintainers, dealing with just
the bugs and optimisations; I can totally relate to that, and I'm forever
grateful for their selfless work. Still, sometimes, enhancement is not
the answer -- but instead, modularisation is.

So, I think this *breaking* "security" feature is a bit too much now that I've
stumbled upon it for the second time recently -- this time, within a "ruby-git"
Ruby gem suddenly failing on me (as I'm sure there are many `git`-CLI-based
components' users being confused and unhappy as I write this) -- following years
of being a happy user (and an actual promoter of healthy git-based dev processes,
see https://medium.com/@costa/git-decentralized-a25f00fd2955 for instance),
and I have to speak up.

I know a thing or two about security, and one of those things that I know is that
you cannot improve security for ignorant people, unless you
either (a) really restrict their actions, or (b) properly educate them.

The reasoning I've seen for this feature talks about users being
too smart about their shell prompts and being too stupid about going into some
maliciously crafted git repos' working directories. Well, this looks like a very
specific (even exotic) case to me -- for bringing a whole new aspect into
the core git functionality -- especially if you consider the vast (and I mean
*vast*) majority of git usages. But even if we take this very seriously,
and decide that this should go into the very basic git functionality
-- instead of, you know, easily wrapping `git` within an interface component,
CLI or not -- with this aspect taken care of; even so, we won't help
the ignorant users, who would just google the "dubious ownership" error, arrive
at the common advice of `git config --global --add safe.directory '*'` -- from
the search results page, not even going into the source info web page -- and go
back to their "insecure" comfort zone.

To summarise, I think that this "extra" functionality (and, actually, the complex
security aspect in general) should be removed from the basic git CLI.
And again, kudos to the maintainers who are mostly just the best.
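The mail quotes the widely googled workaround `git config --global --add safe.directory '*'`, which turns the ownership check off for every directory. The following POSIX shell snippet is an added example, not part of the original mail or of git itself: it shows the narrower alternative, confirming that the invoking user actually owns a checkout before emitting a per-directory `safe.directory` entry for it. The function names (`repo_owned_by_me`, `safe_directory_command`, `mark_safe_if_owned`) are hypothetical helpers chosen for this illustration; the `git config` invocation they print is the same option the mail already discusses, only with a single path instead of the wildcard.

```shell
#!/bin/sh
# Added example (not from the original mail or from git): decide whether a
# checkout should be trusted before marking it as a safe.directory.
# The wildcard form quoted in the mail disables git's ownership check
# everywhere; this adds one directory, and only after checking ownership.

# Returns 0 when the directory exists and is owned by the invoking user.
# Uses find at depth 0 so that only the directory itself is examined.
repo_owned_by_me() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -maxdepth 0 -user "$(id -un)" 2>/dev/null)" ]
}

# Prints the git command for the narrow, per-directory form.
# (Hypothetical helper; it prints rather than runs the command so the
# decision can be reviewed or logged before any config is changed.)
safe_directory_command() {
    dir=$1
    printf "git config --global --add safe.directory '%s'\n" "$dir"
}

# Emits the per-directory command only if the ownership check passes;
# otherwise explains the refusal on stderr and returns non-zero.
mark_safe_if_owned() {
    dir=$1
    if repo_owned_by_me "$dir"; then
        safe_directory_command "$dir"
        return 0
    fi
    echo "refusing: $dir is not owned by $(id -un)" >&2
    return 1
}
```

Piping the printed command into `sh` (or running it by hand) applies the entry; keeping the check and the side effect separate makes it easy to see exactly which directories were whitelisted, which the `'*'` form hides.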
