The risks of embedded bare repositories in Git
Running code from inside a cloned Git repository is potentially risky, but normally just inspecting such a repository is considered to be safe. As a recent posting to the Git mailing list shows, however, there are still risks lurking inside these repositories; code that lives in them can be triggered in unexpected ways. In particular, malicious "bare" repositories can be added as a subdirectory of a repository; they can be configured to run code whenever Git commands are executed there, which is something that can happen in surprising ways. There is now an effort underway to try to address the problem in Git, without breaking the legitimate need for including bare repositories in a Git tree.
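
One way to audit a checkout for the situation described above before running Git commands inside it. This is an added example, not code from the article or from the Git project. It assumes that a directory holding a `HEAD` file plus `objects/` and `refs/` subdirectories approximates what Git treats as a repository; the function names and the sample tree are hypothetical.

```python
import os
import tempfile


def looks_like_git_dir(path):
    """Approximation (assumption) of Git's repository test:
    a HEAD file plus objects/ and refs/ subdirectories."""
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))


def find_embedded_bare_repos(worktree):
    """Return sorted [(relative_path, has_own_config)] for every directory
    below `worktree` that Git could treat as a bare repository."""
    worktree = os.path.abspath(worktree)
    findings = []
    for dirpath, dirnames, _ in os.walk(worktree):
        # Git refuses to track paths named .git, so the checkout's own
        # .git directory is not cloned content; skip it.
        dirnames[:] = [d for d in dirnames if d.lower() != ".git"]
        if dirpath != worktree and looks_like_git_dir(dirpath):
            has_config = os.path.isfile(os.path.join(dirpath, "config"))
            findings.append((os.path.relpath(dirpath, worktree), has_config))
            dirnames[:] = []  # nothing further to report below a finding
    return sorted(findings)


def build_sample(root):
    """Constructed sample: a checkout with one embedded bare repository."""
    for d in (".git/objects", ".git/refs", "src",
              "docs/fixtures/inner/objects", "docs/fixtures/inner/refs"):
        os.makedirs(os.path.join(root, d))
    for name, text in ((".git/HEAD", "ref: refs/heads/main\n"),
                       ("src/main.c", "int main(void) { return 0; }\n"),
                       ("docs/fixtures/inner/HEAD", "ref: refs/heads/main\n"),
                       ("docs/fixtures/inner/config", "[core]\n\tbare = true\n")):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, has_config in find_embedded_bare_repos(tmp):
            print(f"embedded bare repository: {path} (own config: {has_config})")
```

A finding with its own `config` file deserves review before any Git command is run from within that directory, since that file is where the embedded repository's behavior is set.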