Jeff King <peff@xxxxxxxx> writes:

> On Mon, May 12, 2025 at 05:42:08AM -0700, Junio C Hamano wrote:
>
>> > I noticed because I have a patch series from last summer tightening
>> > these rules (it got derailed by some conflicting work, and I've been
>> > meaning to pick it back up). I can certainly adjust these tests as part
>> > of that series, but if you're re-rolling anyway, it might be nice to do
>> > it now.
>>
>> True, and exported one is a sort-of-normal-looking isolated history,
>> so it does not have any strong reason to be at the top level. But I
>> am curious what your plans are to deal with .git/refs/stash itself?
>
> My series is only about the absolute top-level, outside of refs/. So
> "refs/stash" is OK, but "stash" is not.

Ah, OK. It would be good to forbid things outside refs/, and tightly
control the top level, so $GIT_DIR/config and
$GIT_DIR/objects/[0-9a-f]{2}/[0-9a-f]{38} won't be clobbered.

refs/stash is probably fine. Creating refs/head to nuke all local
branches might also be something we want to protect against, though.

Thanks.