Reply to post: @GnuTzu

Git security vulnerability could lead to an attack of the (repo) clones

Anonymous Coward
Anonymous Coward


You make a valid point, however it requires more context. I mean... you do realize that it's very easy to set up a construction using a specific refspec which makes sure that you don't pull it directly onto the master but another (sub)branch instead?

Or... what if the project makes sure that only production worthy code gets onto the master branch and everything else remains limited to the dev branches?

Ergo: you can pull code onto a production server, but that is no guarantee that it will also immediately go live right away.

Still; how is this any different from, say, a server pulling packages directly from a repository? It doesn't have to pose any risks, depending on context.

You make it sound as if this construction is always a bad idea, but it doesn't have to.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon