On Fri, Nov 25, 2011 at 6:39 PM, Andreas Ericsson <ae@xxxxxx> wrote:
> People who fetch but don't push are, by far, the vast majority of git users.
> Think of everyone fetching from any public software repository without
> having write access to it. If you think of git.git and linux.git alone
> I think it's safe to assume the number of "fetch-no-push" outnumber the
> "push-and-whatnot" group by some quarter million to one.

But in those environments the person pulling does not even have an ID, so
how is he at risk with the hook running?

>> I may be wrong but I imagine shared environments are those where
>> almost everyone will push at least once in a while. It's a closed
>> group of people, probably all developers, etc etc etc...
>>
>
> Not really. We fetch from each other quite a lot at work, and from
> each other's semi-public repositories on a shared server where we've
> all got accounts (ie, write access), but we very, very rarely push
> into each other's repositories. The sharepoint is the "official" repo
> on the repo-server, which the buildbots get their code from and where
> everything to be released, maintained or handled in some way in the
> future resides.

Yes, and this is the only situation where it does have the issue. I'm
just not sure how common this is. It's fine if you tell me I'm wrong and
that this *is* still very common. I'll back off. But everyone seems to be
bringing in github and public repos as part of the argument, and I don't
see how they're relevant to the original security issue of the guy who
pulls having his account compromised.

> Anyways. Shooting down the arguments *against* pre-upload hooks is
> quite silly if it's not combined with some fresh arguments *for* such
> a hook.
>
> So... What usecase do you envision where you'd need one?

I'm writing a caching proxy that helps with bandwidth issues when too many
people in a bad-WAN site want to clone some huge repo from its canonical
site. The only one I found by googling fiddles with the git protocol
itself, and I hate doing things like that.

Ignoring all the details, the pre-upload hook would have checked some
conditions and fired off a fetch from the remote site if those checks
passed. It's easy enough to do it from cron, but it would have been more
elegant this way.
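The cron-driven refresh the author mentions as the fallback, written out as an added example (it is not code from this thread or from git itself). It assumes the mirror is a bare clone whose `origin` is the canonical site, uses the age of `FETCH_HEAD` as the staleness condition and a `mkdir` lock to avoid overlapping fetches; the real proxy's conditions are not known, so these stand in for them. Because it runs from the cron owner's crontab, nothing executes in the context of the user being served, which is the concern raised earlier in the thread.

```shell
#!/bin/sh
# Cron-driven refresh for a caching mirror (added example, not from the
# thread). Assumptions: $MIRROR is a bare clone whose "origin" is the
# canonical site; staleness is judged by the age of FETCH_HEAD; a mkdir
# lock prevents overlapping fetches.

# mtime of a file as epoch seconds (GNU stat first, BSD stat as fallback)
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# Returns 0 ("yes, refresh") when FETCH_HEAD is missing or older than
# $2 seconds; returns 1 when the mirror is still fresh.
needs_refresh() {
    mirror=$1; max_age=$2
    marker="$mirror/FETCH_HEAD"
    [ -f "$marker" ] || return 0
    now=$(date +%s)
    age=$(( now - $(file_mtime "$marker") ))
    [ "$age" -gt "$max_age" ]
}

# Fetch from the canonical site only if the mirror is stale and no other
# refresh is running. The lock is a directory because mkdir is atomic.
refresh_mirror() {
    mirror=$1; max_age=$2
    needs_refresh "$mirror" "$max_age" || return 0
    lock="$mirror/.refresh.lock"
    mkdir "$lock" 2>/dev/null || { echo "refresh already running" >&2; return 0; }
    if (cd "$mirror" && git fetch --prune origin); then status=0; else status=$?; fi
    rmdir "$lock"
    return $status
}

# Example crontab line (assumed script path and mirror path):
#   */10 * * * * /usr/local/bin/mirror-refresh.sh run /srv/mirror/huge.git 600
if [ "${1:-}" = "run" ]; then
    refresh_mirror "$2" "${3:-600}"
fi
```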