On Wed, Jun 24, 2009 at 3:57 PM, Shawn O. Pearce<spearce@xxxxxxxxxxx> wrote: > Johan S?rensen <johan@xxxxxxxxxxxxxxxxx> wrote: >> I'm wondering what the reason is that objects are still being stored, >> despite a non-zero exit code from the pre-receive hook? > > The pre-receive hook is allowed to inspect the objects that have > been uploaded in order to make its access decision. Thus those > objects must have been unpacked (or indexed into a new pack) so > git commands in the pre-receive hook can read them. Yeah, noticed that after I started digging into the code a bit >> If it's expected and accepted behaviour, what other options do I have >> to prevent a scenario like the above? > > There currently isn't a way to stop this, other than to use something > in front of git-receive-pack, e.g. Gitosis, to deny even forking > the receive-pack binary for the user. Well, I already wrote such a thing (Gitorious.org) but I want to take the auth a little bit further and offer some more fine-grained access-controls and discovered the above during some smoke testing. > > -- > Shawn. Thanks JS -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html