
Git v2.24.1 and Others - eplanit
https://lwn.net/Articles/806972/
======
mappu
_> CVE-2019-1351: While the only permitted drive letters for physical drives
on Windows are letters of the US-English alphabet, this restriction does not
apply to virtual drives assigned via subst <letter>: <path>._

These are strange - subst can create them in some cases (e.g. É:\ or 5:\) but
they don't show up in subst's list output, nor in This PC, and Explorer can't
browse them. But cd/dir works from a Command Prompt.

------
Someone

       CVE-2019-1353:
         When running Git in the Windows Subsystem for Linux (also known as
         "WSL") while accessing a working directory on a regular Windows
         drive, none of the NTFS protections were active.
    

I don’t understand that one. Doesn’t that imply a security bug in Windows?

One can run a WSL command from the Windows command prompt
([https://docs.microsoft.com/en-us/windows/wsl/interop](https://docs.microsoft.com/en-us/windows/wsl/interop)),
and apparently, such a command can bypass NTFS protections.

------
mikece
I wish Mercurial would have won.

~~~
The_rationalist
Mind explaining why?

~~~
mikece
It was easier to learn, shell integration with Windows existed (TortoiseHg),
help files were more gentle to newbies. Ultimately, I realize that Git "won"
more because of GitHub than any specifically outstanding merits that Git
itself had; if BitBucket had delivered what GitHub did in Hg before GitHub, I
think we would all be Hg users right now.

~~~
gus_massa
Most of the horror stories with git are when people try to do crazy rebases.
If you minimize the number of rebases, it is fine. (And in case you need to
make some crazy rebase, remember to use tags to keep alive the old version in
case it is necessary to undo all the mess.)

I use TortoiseGit [https://tortoisegit.org/](https://tortoisegit.org/) 99% of
the time, it's very similar to TortoiseHg.

~~~
dagenix
git reflog can be used to restore the last good commit before a rebase gone
wrong. It's more of a pain to use than just resetting to a tag, but, it's a
great safety net.

