On Thu, Apr 17, 2008 at 12:50:08PM -0700, Roman V. Shaposhnik wrote: > Doing clone of the *remote* > repository is a safe operation under such assumptions. Once you cloned > it, you might need to eyeball the content of .gitconfig if you're really > paranoid. No, I don't think it is right. It is absolutely unacceptable to expect all users to be aware of some hidden file and to eyeball it just to be sure that the next 'git log' (or some other normal git operation) will not remove all their files from the disk. Perhaps, I have not followed this discussion carefully, so I am not sure what .gitconfig is intended to solve. But if you think that _blindly_ adding some options to other people configurations is a good idea, I have to disagree with you. Some options may be useful in some cases or for some platforms, but not for others. So, having a single .gitconfig is going to be a bad fit for some users. Thus a more flexible and more secure solution is needed, and it already exists. You can put git-configure at the top of your repository and tell people to run it after cloning. In this way, anyone can inspect this script and if they trust they will run it. This script can check on what system git is running on, and maybe ask questions, etc, so it can be really helpful for wide category of users. Dmitry -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
