GitHub Desktop is one of those terrible applications that I still have to use occasionally, much to my regret. I can’t tell you if a five-year-old or a cat coded it, but this application with relatively straightforward functionality has more bugs than Florida.

Sometime in the spring of 2022, GitHub was alerted to a couple of particularly egregious security holes in its desktop app. The gods of coding lept into action and replaced the old bugs with new ones. Since then, GitHub Desktop users have been haunted by idiotic and redundant error messages and other problems impeding their workflow.

GitHub tried to fix its earlier fixes but failed. Get a load of this release note from July’s version 3.0.5:

Surface again Git’s warning about unsafe directories and provide a way to trust repositories not owned by the current userhttps://desktop.github.com/release-notes/

This issue was introduced in April’s release, then “fixed,” then brought back, and then GitHub gave up, having been defeated by its own patch.

Enter the workarounds. If, like me, you have lots and lots of local repos, the command below will find them and add them to the “safe” list. Unfortunately, the .gitconfigsyntax does not support wildcards, otherwise, this scripting nonsense would not have been necessary.

dirname $(find I:/GitHub -name .git -type d -prune) | while read line; do 
  sed -r -i $"/\[safe\]/a directory = $line" ~/.gitconfig
done

Just replace I:/GitHub with whatever parent path containing your repos. And then there is the issue of GitHub Desktop overwriting your .gitconfig with nonsense. This is also new. You can try protecting the file by making it read-only (chattr -r ~/.gitconfig), but this may not work. I suggest just making a backup copy.

The other redundant and very annoying “warning” is the infamous “Untrusted server” popup that greets you every time you launch GitHub Desktop and then throughout your sessions at random intervals.

The “attackers” are most definitely not trying to steal your data. The far more likely cause is that one of the repos in your collection is located on a server that cannot be reached from your current network. For example, I see this error on my work laptop when not connected to the company VPN.

Unfortunately, I don’t know what to do about this one.