see shy jo is a user on octodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
see shy jo @joeyh
Follow

So, it's now possible to create a legitimate git repository that Github will refuse to let be pushed to it. The repository is completely safe as long as users are keeping current with security fixes.

This seems to have some interesting applications on the "no I don't accept the Github TOS" front.

· Web · 2 · 3

@joeyh Would you have a link to something that explains the details?

@n8 @liw git has a config option to prevent receiving objects that could be CVE-2018-11235 exploits. Or could just look enough like one.

So, git objects that were legal before are not now, which is an interesting development in a version control system.