hello, greetings. i am raising a git security red flag on the.git metadata files storing git logs, commits, and other metadata inside .git folder not encrypted using a two way salt or some other way like using a key for a two way encryption or some method of software encryption internally if / because the .git folder metadata is not encrypted. this has been raised to github before but will be raised again via hackerone security bug and to gitlab and altassian and other git repository source users if they are using their own internal modified sources. most of the errors like these will be directly closed. https://kondukto.io/blog/git-scm-affected-by-cve-2024-32002 https://socradar.io/critical-security-updates-for-git-scm-cve-2024-32002-cve-2024-32004-lead-to-rce/ https://stackoverflow.com/questions/45578579/what-file-metadata-is-preserved-by-git even packages like git-crypt do not encrypt metadata. https://github.com/AGWA/git-crypt have a nice day. regards, ganesh k
