Wrote this a little while ago, but got interrupted. Seems to still apply and if not mistaken answers a related question either here or on a different related thread.

With my git software, I routinely retrieve the 1.5.7 (v157) github repo and then move my pointer for my local version to the current published version. This bypasses any merge conflicts that the team may have had to resolve. I also set local tags to the individual released versions which gives me an opportunity to see what differences have been made following a publicly released version. It does entail keeping up pointers to various areas in the distribution and recognizing what are things that were modified for all and what I may be doing locally.

As for configure.php files, I don't normally keep them in the repo as they can cause issues in applying to a chosen site or domain if not purposefully omitted when updating files to said server. Besides the zc_install process will normally generate those files with the format being comparable against the dist-configure.php version. Further if the fileset gets pushed to your online github, unless you have set those files to be ignored, then your credentials are publicly captured in a public repo. If the repo is private, of course the same concern doesn't exist.