The problem: We develop systems for banks. These systems are (theoretically) highly secure and almost always protected by quite fierce NDAs. Consequently, whilst there is some shared code between the various projects, a lot of it is entirely separate. That said, it would be catastrophic if code or documentation from one project 'bled' into another project owned by a different client. This problem is exacerbated by two clients requiring that we push code to their repo (part of our contractual requirements).
Hitherto, we've simply used a completely independent repo for each client. Of course this means that in some cases we have duplicates of the same code modules; changes/fixes are inevitably lost if an update is made in one repo and not distributed to the others. It would be much better if we only had to maintain one copy of such files.
Another approach, of course, would be to use a branch for each client but I've found the overhead of merging between branches is unsupportable. Also, I've looked at git sub-modules but, again, these seem to be too fraught with peril in that a careless commit could compromise the 'Chinese walls' between the projects and merging seems to be even more complicated than just by forking the project (see http://codingkilledthecat.wordpress.com/2012/04/28/why-your-company-shouldnt-use-git-submodules/). I hate implementing systems where a developer has to remember a particular procedure because, when things are done in a hurry, mistakes are inevitable.
Obviously first prize would be to have one single repository but where only certain directories or files are uploaded to a specific remote repo. While I appreciate that this could be accomplished to a certain extent by using .gitignore and individual branches per client, I'm concerned that finger-trouble (if someone edits the .gitignore file inappropriately) could cause the very thing I'm trying to avoid.
Almost all of our development platforms are Linux-based but the development environment for one legacy system can only operate on Windows XP and it won't run under Wine for some reason (linked to the Java runtime I suspect but that's a story for another day).
I've considered using rsync or symbolic links to share the common files but it seems tacky and may also cause trouble if some idiot changes the file dates on old versions of a source module. At the moment we have too many individual repositories and duplicate modules for my liking and I can see it causing trouble down the track. I figure this must be a fairly common problem and I'm sure someone has handled it in a stable, platform-independent way that doesn't assume developers never make mistakes on commits.