[ktm5j]

VS Code will helpfully warn you when you open a folder that has a git repository.. it asks if you trust the developers since opening the folder could result in bad things happening. So this might not be such a big deal for VS Code users.

[acdha]

I think that assumption is very dangerous: if your editor only prompts when you first open the project, it won’t help when that project is compromised later or if you checkout a merge request from someone untrustworthy/compromised and are mentally thinking “my project is safe” even though you’re a single gh/glab command away from that directory having anything an outside party wants.

[ceejayoz]

You know they're just gonna click yes, right?

That prompt is just there so they can say "your fault!"

[ktm5j]

Well, in that case it totally is their fault...