Johannes Sixt wrote:
Consider this: You accidentally push a branch with confidential data to a
public repository. You notice it early, and quickly delete the branch
using 'git push the-repo :refs/heads/that-branch'. At this time the
objects with the confidential data are still lingering in the public
repository. But with the current behavior noone can access them even if
the SHA1 happens to be known.
Doesn't this line of reasoning only apply to the ssh and git transports?
(ie, the file and rsync transport would retrieve it regardless)
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
