On 2025-04-10 at 22:42:23, Jeff King wrote: > Yeah, that's true in v2.48.0 and later. (I tried it after writing the > earlier email and was a little puzzled that it works with --no-local but > not otherwise, but it sounds like that's known). It is. The reason for that is that we try to hardlink if `--no-local` is not provided, which has all the normal security concerns across ownership boundaries. However, `--no-local` uses the normal `git-upload-pack` mechanism, which we know is secure on untrusted repositories. One thing we could do to improve things is detect if the repository is owned by another user and just set `--no-local` automatically, but that's a #leftoverbits for someone. -- brian m. carlson (they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
