The mirroring they were using is explicitly meant to be a fast local ad-hoc clone that doesn't do integrity checks.
They used the safe version before, because they were running into problems with the integrity checks, i.e. ref deletions and non-fast-forwards.
What they should have done was to write a hook or a script that did those non-safe updates manually (maybe only for some repositories, and some refs, don't want to rewind e.g. master).
But instead they completely bypassed the safety mechanisms and got screwed by corruption.
They used the safe version before, because they were running into problems with the integrity checks, i.e. ref deletions and non-fast-forwards.
What they should have done was to write a hook or a script that did those non-safe updates manually (maybe only for some repositories, and some refs, don't want to rewind e.g. master).
But instead they completely bypassed the safety mechanisms and got screwed by corruption.