On Fri, Jan 15, 2010 at 11:42:19AM +0530, Arun Raghavan wrote: > > Another thought - would it be acceptable to have a config option to > enable/disable these types of hooks, so that people who are not > affected by the problem or explicitly don't care can use them? Perhaps > a core.allowInsecureHooks ? That enable/disable would have to ignore per-repo configuration, which would make it behave differently from other options. Otherwise attacker could just flip the setting... -Ilari -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html