The risks of embedded bare repositories in Git

Posted Apr 29, 2022 2:32 UTC (Fri) by Alan.Stern (subscriber, #12437)
Parent article: The risks of embedded bare repositories in Git

Maybe I'm dumb, but I don't see why the article concentrates on the dangers of embedded bare repositories. Isn't any embedded repository just as potentially dangerous, whether it is bare or not?

The risks of embedded bare repositories in Git

Posted Apr 29, 2022 12:13 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (1 responses)

Full repos show up as submodules which go through `clone` and therefore do not pull a config file. Maybe one could craft a tree to commit a non-bare repository, but the tooling would likely barf as it would expect a submodule or try to convert it to one at some point.

The risks of embedded bare repositories in Git

Posted Apr 29, 2022 14:42 UTC (Fri) by johill (subscriber, #25196) [Link]

It does in fact not even like to check out such a repo, saying

"error: invalid path 'inner/.git/config'"

or such things.