From: "brian m. carlson" <sandals@crustytoothpaste•net>
To: Junio C Hamano <gitster@pobox•com>
Cc: git@vger•kernel.org
Subject: Re: [PATCH] gitfaq: document using stash import/export to sync working tree
Date: Fri, 9 Jan 2026 20:11:41 +0000
Message-ID: <aWFg_VUZH5_ZqTix@fruit.crustytoothpaste.net>
In-Reply-To: <xmqqseceua9j.fsf@gitster.g>
On 2026-01-09 at 14:32:40, Junio C Hamano wrote:
> "brian m. carlson" <sandals@crustytoothpaste•net> writes:
>
> > Git 2.51 learned how to import and export stashes. This is a
> > secure and robust way to transfer working tree states across machines
>
> Here "secure" in "secure and robust" triggered my "huh?" sensor. It
> is a robust way, but is there something particularly "secure" about
> it, other than "it is less likely to break your repository" in the
> sense that is already covered by "robust".

We know that sharing a working tree with different users is not secure
because people can have things like hooks or config options that execute
arbitrary code. Transferring stashes doesn't have that downside.

Considering that we used to explain that the only way to do this was to
rsync the working tree across machines, this option is more secure than
the previous option since it avoids any potential code execution. It
also avoids syncing things like ignored `.env` files, which people often
use to store secrets, since `git stash` doesn't transfer ignored files
(but rsync often does).

But if you disagree and prefer to remove it, please feel free to edit
the commit message before you merge to next, or let me know and I can
send a v2 if you prefer.
--
brian m. carlson (they/them)
Toronto, Ontario, CA
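
The distinction drawn in the message above, as an added example that is not part of the original message or of Git's documentation: a POSIX shell function that lists what a file-level copy such as rsync would bring along from a working tree (enabled hooks, command-running config entries, ignored files), none of which a stash transfer carries. `audit_worktree`, `make_sample_repo`, the key list and the sample repository are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list what a raw copy of a working tree
# carries that a stash transfer does not. Function names are hypothetical.

# Config keys whose values Git runs as commands (illustrative, not exhaustive).
EXEC_KEYS='^(core\.(fsmonitor|sshcommand|editor|pager|hookspath)|alias\..*|filter\..*\.(clean|smudge|process)|diff\..*\.(textconv|command))$'

audit_worktree() {
    repo=$1
    # Enabled hooks: executable files in .git/hooks without a .sample suffix.
    for h in "$repo"/.git/hooks/*; do
        case $h in *.sample) continue ;; esac
        if [ -f "$h" ] && [ -x "$h" ]; then echo "hook: ${h##*/}"; fi
    done
    # Repository-local config entries that name a command to execute.
    git -C "$repo" config --local --get-regexp "$EXEC_KEYS" 2>/dev/null |
        sed 's/^/config: /'
    # Ignored files exist on disk, so a file-level copy includes them.
    # fsmonitor is forced off so the audit itself does not start a helper
    # named in the copied config.
    git -c core.fsmonitor=false -C "$repo" ls-files --others --ignored \
        --exclude-standard | sed 's/^/ignored: /'
    return 0
}

# Constructed sample repository; every value below is made up.
make_sample_repo() {
    d=$(mktemp -d) || return 1
    git init -q "$d" 2>/dev/null || return 1
    mkdir -p "$d/.git/hooks"
    printf '.env\n' > "$d/.gitignore"
    printf 'API_TOKEN=constructed-placeholder\n' > "$d/.env"
    printf 'work in progress\n' > "$d/notes.txt"
    git -C "$d" add .gitignore notes.txt
    printf '#!/bin/sh\nexit 0\n' > "$d/.git/hooks/post-checkout"
    chmod +x "$d/.git/hooks/post-checkout"
    git -C "$d" config core.sshCommand /opt/tools/ssh-wrapper
    echo "$d"
}

repo=$(make_sample_repo) && audit_worktree "$repo"
rm -rf "$repo"
```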