Sure, but you said that was the end of the day analysis, and I didn't think you went far enough in your analysis.

FWIW, I'm not thinking about git at all since I use Mercurial, and never enabled vc hooks in my emacs, which is based on 25.3.50.1, so wasn't affected by this exploit - I tested. I use git and hg only from the command-line.

My end-of-day analysis is to avoid git entirely if you can't trust its security model. ;)

Should the emacs developers also do more to secure emacs against ImageMagick exploits?