Jeff King <peff@xxxxxxxx> writes: > Bob could run a specialized server for (b) that listens on a unix socket > and triggers his hook. But why? Why not just do the whole thing over > git-daemon or smart http, which already exist? If that "whole thing" is "to allow an arbitrary code to run anywhere as incoming user", I would apply the "why?" to a different part of the statemennt. Why allow running an arbitrary code at all? Running things as Bob with setuid is not a solution, either. A pre-anything hook wants to see if the accessing user, not the owner of the repository, can or cannot do something to the repository and decide what to do. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html