Hacker News new | comments | show | ask | jobs | submit login

Is this a vulnerability in some way? Like could I replace someone's git-add binary to expose private source code? It scares me that someone can change my git behavior so easily.

If someone can replace your `git-add` binary or put their own in a directory earlier in your $PATH, they can do the same with `git`, `ls` or any other program.

If someone's running an executable you give them without knowing what it actually is, their security is already lost. So yeah, that's a problem, but nothing specific to Legit or git.

How is that any different than replacing any other binary in your filesystem?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact