RE: why can't one alias `git stash`?

[<rsbecker@nexbridge.com>]

On August 15, 2025 12:04 AM, Elijah Newren wrote:
>On Thu, Aug 14, 2025 at 7:15 PM Christoph Anton Mitterer
><calestyo@scientia.org> wrote:
>>
>> Hey.
>>
>> On Thu, 2025-08-14 at 18:23 -0700, Junio C Hamano wrote:
>> > Look for "alias.*" in "git help config".
>> >
>> >         To avoid
>> >       confusion and troubles with script usage, aliases that
>> >       hide existing Git commands are ignored.
>>
>> Can't one add some kind of override for this?
>
>No.  And there won't be one in the future either; see e.g.
>https://lore.kernel.org/git/alpine.DEB.1.00.0903070407480.10279@pacific.mpi-
>cbg.de/
>
>> Cause AFAIU, my command
>> from below would not hide the other commands, or would it?
>
>The documentation you are responding to didn't talk about "other"
>commands, it talked about "existing" commands.  Your alias, meant to invoke `git
>stash` with different arguments, would hide the existing `git stash` command.
>
>It might also be an infinite loop of sorts, since your `git stash` alias invokes `git stash
>...` which is...itself.
>
>And it'd mean that other folks who use git commands in their scripts now can't rely
>on any git commands doing what their documentation claims.
>
>> >       If the alias expansion is prefixed with an exclamation
>> >         point, it will be treated as a shell command.
>>
>> Well I kinda thought that... still wouldn't though if it was detailed
>> what exactly happens :-)
>
>Doesn't it detail what happens already?
>
>           If the alias expansion is prefixed with an exclamation point, it will be treated as
>a shell command. For example, defining alias.new = !gitk --all --not
>           ORIG_HEAD, the invocation git new is equivalent to running the shell
>command gitk --all --not ORIG_HEAD. Note that shell commands will be executed
>from the
>           top-level directory of a repository, which may not necessarily be the current
>directory.  GIT_PREFIX is set as returned by running git rev-parse --show-prefix
>           from the original current directory. See git-rev-parse(1).
>
>What is missing from this explanation?

Aside from the above, hiding an existing command would potentially allow a
man-in-the-middle attack. Imagine changing git clone to be something else,
like cloning a hostile repository. Hiding existing commands could result in a
HIGH severity CVE in git - I would consider it as such. Please ensure that no
fix/enhancement is done to support this request.

--Radall