

Git is dangerous - anand-s
http://blog.codehate.com/post/125348235274/git-is-dangerous

======
informatimago
Doesn't explain why it's dangerous.

Unless you provide a PUT access to it.

I explicitely leave .git on http, so that people may also clone it from there
in addition to ssh and gitlab and github.

Seems to be of the same cagetory as
[http://www.dhmo.org/facts.html](http://www.dhmo.org/facts.html)

~~~
detaro
The article seems to be following the recent bunch of articles about web pages
(that use git to deploy) leaving .git accessible and exposing source code or
secrets.

So not about access to public git repositories via HTTP, but accidentally
exposing private repos by not protecting .git.

------
krapp
Using git as a deployment tool is dangerous.

Although if I were to suggest just using SFTP to move everything but the .git
file and not even have it on the remote server at all, I would probably just
seem like a drooling neanderthal.

Although actually not having the repo be web accessible is probably the second
best option.

