Arun Raghavan <ford_prefect@xxxxxxxxxx> wrote:
> This patch set reintroduces the post-upload-pack hook and adds a
> pre-upload-pack hook. These are now only built if 'ALLOW_INSECURE_HOOKS' is set
> at build time. The idea is that only system administrators who need this
> functionality and are sure the potential insecurity is not relevant to their
> system will enable it.

*sigh*

I guess this is better, having it off by default, but allowing an
administrator who needs this feature to build a custom package.

Unfortunately... I'm sure some distro out there is going to think
they know how to compile Git better than we do, and enable this by
default, exposing their users to a security hole. Ask the OpenSSL
project about how well distros package code... :-\

I'd like a bit more than just a compile time flag.

> At some point in the future, if needed, this could also be made a part of the
> negotiation between the client and server.

I'm not sure I follow. Are you proposing the server advertises that
it wants to run hooks, and lets the client decide whether or not
they should be executed?

--
Shawn.