Git submodule update command execution
> The git submodule update operation can lead to execution of arbitrary shell commands defined in the .gitmodules file.
How I accidentally took down GitHub Actions
> Commit shorthashes have a major problem: As a repository accumulates a large number of commits, eventually it will contain two commit hashes that start with the same seven characters (and have the same shorthash). After this happens, tools that use shorthashes will start to break because the commit shorthash is ambiguous (it’s no longer a pointer to a single commit). Due to the birthday problem, any repository that has at least 19291 commits is likely to have a pair of ambiguous commits somewhere. So if we waited for the actions/docker repo to have tens of thousands of commits, one of the shorthashes would eventually become ambiguous and break someone’s build.
Game of Trees
> Game of Trees is a work-in-progress version control system which attempts to be appealing to OpenBSD developers.
Game of Trees
> Game of Trees (Got) is a version control system which prioritizes ease of use and simplicity over flexibility. Got is still under development; it is being developed exclusively on OpenBSD and its target audience are OpenBSD developers.
> git-revise is a history editing tool designed for the patch-stack workflow. It’s fast, non-destructive, and aims to provide a familiar, powerful, and easy to use re-imagining of the patch stack workflow.
> last week i got to witness an engineering department lose a full day’s work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you’re forced to rebase master, like you should NEVER DO.
Tig: text-mode interface for Git
> Tig is an ncurses-based text-mode interface for git. It functions mainly as a Git repository browser, but can also assist in staging changes for commit at chunk level and act as a pager for output from various Git commands.
sr.ht, the hacker's forge, now open for public alpha
> For those who are new, let me explain what makes sr.ht special. It provides many of the trimmings you’re used to from sites like GitHub, Gitlab, BitBucket, and so on, including git repository hosting, bug tracking software, CI, wikis, and so on. However, the sr.ht model is different from these projects - where many forges attempt to replicate GitHub’s success with a thinly veiled clone of the GitHub UI and workflow, sr.ht is fundamentally different in its approach.
please don't "disrupt" my dotfiles, tech industry
You know what they say, you install someone’s code on your computer, it’s their computer now.
Announcing the May 2018 Git Security Vulnerability
Son of .. returns.
> The solution to this problem is quite simple and effective: submodule’s folder names are now examined more closely by Git clients. They can no longer contain .. as a path segment, and they cannot be symbolic links, so they must be within the .git repository folder, and not in the actual repository’s working directory.
Repo style wars: mono vs multi
> The fundamental difference between the monorepo and multirepo philosophies boils down to a difference about what will allow teams working together on a system to go fastest.
Why you should stop using Git rebase
> I think you should keep your history true. Get comfortable with tools to analyse it, and don’t fall for the temptation to rewrite it. The rewards for rewriting are minimal, but the risks are great. You’ll thank me the next time you are bisecting through your history to track down a sneaky bug.
Exploding Git Repositories
> How does such a tiny repo cause git to run out of memory? The secret is that git de-duplicates “blobs” (which are used to store files) to make repositories smaller and allow using the same blob when a file remains unchanged between commits. Git also allows de-duplication of “tree” objects (which define the directory structure in a repository). git-bomb tries to make a billion files, however it only has 10 references to the file blob and only has 10 tree objects in all.
GitHub Enterprise SQL Injection
Some post-deobfuscation code review.
The Helpful Manager
Today’s 15 minutes of git hate, which isn’t really about git, but I choose to blame it anyway.