For simple static sites, I use a workflow very similar to this one[1]. It takes a minute or two to set up, but once it's all configured, you can deploy to your heart's content without ever worrying about exposing your .git directory to the world.
No. Not this. index.html has no business being in the root of your project.
Always, and I mean always put your web content into a directory separate from the root of your .git archive. This is the easiest way to avoid all of these problems.
Rails calls this directory "public", but it could be whatever you want, so long as what's mounted on your web server is not the root.
* Any folder in your project can have index.html and indeed it should have.
* Parent talks about static pages, not about rails-ruby/php/python project.
But i get your point : If somehow somebody screw with servers config, there is a risk to expose your apps files & configs. You can follow parents advice but set your root path in apache/nginx config to /var/www/www.example.org/public instead of /var/www/www.example.org
Even a static site can be structured so that the .git directory is outside of the main public mount.
This gives you a natural place to store notes, documentation, and other non-public content.
It's not about screwing with the server config, it's so that it takes several stupid mistakes before your .git folder is flapping in the breeze, not just one. Being one configuration directive away from embarrassing failure is not a good idea.
> Being one configuration directive away from embarrassing failure is not a good idea.
I can't stop but thinking about PHP webapps, for instance Wordpress serves wp-index.php in the same directory as wp-config.php, indeed only one configuration directive away from blowing it all up in your face.
I would guess it's a configuration error around something like smart extensions, maybe? "If the clean URL has a .xml at the end, send the request through PHP."
Dumb, but it's the only thing I can come up with offhand.
[1] http://toroid.org/ams/git-website-howto