Hacker News

Yeah always tracking and uploading everything seems nice but brings with it security concerns. For example, if I generate a secret key or store a private keyfile into the repo before remembering to gitignore... err I mean graceignore it, then that key gets uploaded to the cloud. Oops.

In Git these mistakes are more easily avoided as you are deliberate about what you commit and what stays local.



> In Git these mistakes are more easily avoided as you are deliberate about what you commit and what stays local.

And yet GitHub has built an entire security feature - Secret Scanning - because developers do not easily avoid checking in secrets.

We have to face the fact that Git not being able to delete versions easily is a bug, not a feature, and that we do indeed sometimes need to delete versions from a repo. And so we've built a set of workarounds for Git to prevent pushes from succeeding when secrets have already been committed locally. It's not ideal.

Grace will enable a combination of hoster-level Secret Scanning with a native ability to delete a version that you don't want. Imagine that you accidentally save a secret, it ends up in your personal branch as a Save reference, Secret Scanning catches it and prompts you about it: "A secret was detected. Should I delete that version for you?"

No rewriting, no "hey Copilot how do I fix my repo after I committed a secret?", just one click and it's gone.


> just one click and it's gone.

Just the feature I want in my vcs! opens popcorn



