Daniel P. Berrangé wrote:
> On Fri, Aug 10, 2018 at 11:27:43AM +0200, Pierre-Yves Chibon wrote:
>> On Fri, Aug 10, 2018 at 10:16:13AM +0100, Daniel P. Berrangé wrote:
>>> ability to write to git, but there are a variety of ways to deal with that.
>>
>> I'm pretty sure we used to do this at one point but one of the issue is that
>> tags are no immutable, packagers can change them even if we block force push.
>> I believe this is why we no longer do this :)
>
> A git commit "update" hook can be used to block deletion or modification
> of any existing tags.
Indeed. The default update hook provides exactly such a
capability (as well as others to prevent deletion of tags
and pushing lightweight tags). The tag can be found in the
git source:
https://git.kernel.org/pub/scm/git/git.git/tree/templates/hooks--update.sample
and in the git-core package:
/usr/share/git-core/templates/hooks/update.sample
Similarly, a hook could be used to disallow the tagging
service from writing to anything outside of refs/tags to
help allay the concerns about a service having write access
to the git repositories.
Also, many thanks to Pingou and everyone who helped to add
this feature!
--
Todd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disobedience, n. The silver lining to the cloud of servitude.
-- Ambrose Bierce, "The Devil's Dictionary"
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/67SF65KTHOFV2DG7TKHMTDBPJR742M7C/
