From e220a617bcd54e5fd324e21e418fff7c3c3f170a Mon Sep 17 00:00:00 2001
From: Richard Hartmann <richih@debian.org>
Date: Tue, 21 Jan 2014 15:56:15 +0100
Subject: [PATCH] vcsh: Initialize repos with --shared=0600

Configurations and other dotdir content may be highly confidential.

Ensure we're not leaking/exposing information by making vcsh
repositories user-accessible, only.

Thanks to Enrico Zini for realizing this was a problem.
---
 vcsh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vcsh b/vcsh
index 5d502e7..993c8ed 100755
--- a/vcsh
+++ b/vcsh
@@ -221,7 +221,7 @@ init() {
 	[ ! -e "$GIT_DIR" ] || fatal "'$GIT_DIR' exists" 10
 	mkdir -p "$VCSH_BASE" || fatal "could not create '$VCSH_BASE'" 50
 	cd "$VCSH_BASE" || fatal "could not enter '$VCSH_BASE'" 11
-	git init
+	git init --shared=0600
 	upgrade
 	hook post-init
 }
-- 
GitLab