So, it's now possible to create a legitimate git repository that Github will refuse to let be pushed to it. The repository is completely safe as long as users are keeping current with security fixes.

This seems to have some interesting applications on the "no I don't accept the Github TOS" front.

@joeyh Would you have a link to something that explains the details?

@n8 @liw git has a config option to prevent receiving objects that could be CVE-2018-11235 exploits. Or could just look enough like one.

So, git objects that were legal before are not now, which is an interesting development in a version control system.

Sign in to participate in the conversation

Octodon is a nice general purpose instance. more