On Mon, Apr 10, 2017 at 05:14:24PM -0400, Jeff King wrote: > > Also, I think this whole thing could really do with some documentation > > in githooks(5). E.g. what hooks does it apply for? The test is just > > for pre-receive but the patch changes run_update_hook(), does it also > > take effect for update? Ditto the caveat about update-ref. > > My thinking was that the cases where the effects were user-visible were > sufficiently insane that nobody would need to know or care when the > feature was in use. I guess it can't hurt to write about it, though. Here's that, plus a cleanup on the stray tmp_objdir_env() call you noticed. The final patch provides some safety for the ref-update case. My assumption all along has been that nobody would want to update random refs from inside the pre-receive hook. This doubles down on that by making it forbidden. I don't think that's a big loss, because doing so now is extremely dangerous. If that assumption is wrong, the correct path forward is to make the quarantining configurable. [1/3]: receive-pack: drop tmp_objdir_env from run_update_hook [2/3]: receive-pack: document user-visible quarantine effects [3/3]: refs: reject ref updates while GIT_QUARANTINE_PATH is set Documentation/git-receive-pack.txt | 29 +++++++++++++++++++++++++++++ Documentation/githooks.txt | 3 +++ builtin/receive-pack.c | 1 - refs.c | 6 ++++++ t/t5547-push-quarantine.sh | 11 +++++++++++ 5 files changed, 49 insertions(+), 1 deletion(-)