Re: Is there any way to make hooks part of the repository?

On 1 May 2012 23:38, Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx> wrote:
> Hilco Wijbenga <hilco.wijbenga@xxxxxxxxx> writes:
>
>> On 1 May 2012 13:33, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>>> Hilco Wijbenga <hilco.wijbenga@xxxxxxxxx> writes:
>>>
>>>> Is there any way to get (some of) the Git hooks to run for everyone
>>>> without everyone having to install them separately? If no, is this by
>>>> design or simply a feature nobody has asked for (yet)?
>>>
>>> By design.  Do you want me to include "rm -fr ~hilco" in some hook of
>>> git.git repository?
>>
>> Mmm, well, I might get quite famous if you did... ;-)
>>
>> But if you wanted to be evil then you could easily find another place
>> (the build scripts, the code itself, et cetera).
>
> Yes, but at least, you have the opportunity to examine the other places
> before they are run. Hooks would be really, really nasty security-wise.
> For example, "git clone" does a checkout, so should probably run the
> checkout hooks.

There is (or, rather, should be) absolutely no difference between code
changes and hook changes. Both would go through the same review
process. If it's possible to put in nasty hooks then it's possible to
put in nasty code.

>> So I don't think this is a good argument. Moreover, I do not work with
>> people that would ever consider such nastiness. You need to realize
>> that this is all closed source. Your argument would be more valid in
>> an open source environment (like git.git).
>
> That may be acceptable for you, but you can't ask for such a feature to be
> included in Git itself. At best, a standardized way to set up hooks (but
> something that would require a user-action to be set up) would be
> acceptable.

Given ${PROJECT}/.git, I would think that a simple config setting
(hooks.run-automatically-this-is-a-security-risk [defaulting to false,
of course]) and an extra directory like ${PROJECT}/.hooks (this should
probably be configurable as well: hooks.directory) would work
perfectly. Then it's up to the project to decide if they want to use
that feature. Moreover, you could then still have "personal" hooks in
${PROJECT}/.git/hooks.

Would such a setup be acceptable?
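
The opt-in scheme proposed in the message above, written out as an added example (not code from the thread or from Git, which does not read these keys). `hooks_to_run` is a hypothetical helper, the config reader is Python's `configparser` rather than Git's own parser, and the work-tree containment check is an assumption added here.

```python
import configparser
import os
import tempfile
from pathlib import Path

OPT_IN = "run-automatically-this-is-a-security-risk"  # key proposed in the message
TRUE_WORDS = {"true", "yes", "on", "1"}               # spellings git accepts for "true"


def _executable(path: Path) -> bool:
    return path.is_file() and os.access(path, os.X_OK)


def hooks_to_run(project: Path, event: str) -> list[Path]:
    """Hook scripts that would run for `event` under the proposed scheme."""
    project = project.resolve()
    personal = project / ".git" / "hooks" / event
    selected = [personal] if _executable(personal) else []

    # Read only the untracked .git/config. If a tracked file could set the
    # opt-in, a fresh clone would be able to enable its own hooks.
    cfg = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cfg.read(project / ".git" / "config")
    raw = cfg.get("hooks", OPT_IN, fallback="false")
    if (raw or "true").strip().lower() not in TRUE_WORDS:  # valueless key means true
        return selected

    shared_dir = (project / (cfg.get("hooks", "directory", fallback=None) or ".hooks")).resolve()
    # Assumption added here: hooks.directory must be a subdirectory of the work
    # tree, so a symlink or "../" value cannot point the runner elsewhere.
    if project not in shared_dir.parents:
        raise ValueError(f"hooks.directory escapes the work tree: {shared_dir}")
    shared = shared_dir / event
    return selected + ([shared] if _executable(shared) else [])


if __name__ == "__main__":
    # Constructed sample project: one personal hook, one tracked hook.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        for rel in (".git/hooks/pre-commit", ".hooks/pre-commit"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("#!/bin/sh\nexit 0\n")
            (root / rel).chmod(0o755)
        (root / ".git/config").write_text("[core]\n\tbare = false\n")
        print("default: ", [str(p.relative_to(root)) for p in hooks_to_run(root, "pre-commit")])
        (root / ".git/config").write_text(f"[hooks]\n\t{OPT_IN} = true\n")
        print("opted in:", [str(p.relative_to(root)) for p in hooks_to_run(root, "pre-commit")])
```
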