Hilco Wijbenga <hilco.wijbenga@xxxxxxxxx> writes:
>> Matthieu is *not* talking about auditing nastiness going into the
>> project's repository; he is talking is about a chance to audit whatever
>> comes from the project's repository that *could* potentially contain some
>> nastiness before it causes harm to your working environment. In other
>> words, not *having* to trust what is in the project's repository, but
>> having a way to verify.
>
> Perhaps these automatic hooks should only be applicable for "outgoing"
> changes like commit and push? That way you can review the hooks before
> they run but you still have a chance to prevent developer errors from
> getting to the server/other people (which is really all I care about,
> I am looking for a way to protect developers from making silly
> mistakes).
Shouldn't those checks be made server-side with a pre-receive hook?
--
Thomas Rast
trast@{inf,student}.ethz.ch
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html