For anyone who has used the slides from my Show and Tell on source control in January or the subsequent NotesIn9 episode, the recommended Git / Mercurial client was SourceTree. It’s an excellent tool for those who prefer a GUI and runs on Windows and Mac. The advice at the time was to use the embedded Git / Mercurial. For most XPages developers, who were only pushing and retrieving files via SourceTree, that was adequate.
However, overnight I became aware of a security vulnerability with Git and Mercurial. Atlassian have confirmed it only affects client-side, so Stash does not need patching. But SourceTree does. As a result, the recommendation is to install the standalone Git and Mercurial software, and point SourceTree to that. The Git installer, in particular, goes through a number of screens with a variety of options. Cross-referencing that to the slides from my Show and Tell, the defaults I was presented with can be accepted: the one caveat when I was installing it for Stash was to ensure the Adjusting your PATH environment option was set to Run Git and include Unix tools from the Windows Command Prompt, which was already selected for me.
The instructions linked to from SourceTree’s blog post are very straightforward, so don’t be discouraged into putting it off.
Update:
SourceTree have released new versions of the clients, allowing you to update the embedded Git / Mercurial https://blog.sourcetreeapp.com/2014/12/18/atlassian-update-for-git-and-mercurial-vulnerability/. This may be a preferred option for many.
