Re: Git Hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 15, 2017 at 11:12 AM, Satyakiran Duggina
<satya0521@xxxxxxxxx> wrote:
> I see that `git init` creates a .git directory and hooks are to be
> placed in that directory and these hooks are not tracked by version
> control. To achieve tracked hooks, either each developer has to copy
> the hooks or use tools like overcommit, pre-commit, husky etc.
>
> I'm wondering why hooks are not made external like .gitignore. I guess
> it would be better to have two git configuration directories in a
> repo, one hosting all the metadata managed by git and the other with
> user configured data (hooks, ignore/exclude, repo config etc).

Hooks are not external because they're not trusted. It essentially
amounts to allowing someone to download an arbitrary script or program
onto your computer which you then execute. It's extremely unsafe, and
is intentionally not possible. To get hooks in your instance, you have
to _manually_ install them. This gives you a chance to _review_ them
before they start executing on your system. Any other approach and the
hooks become an attack vector.

>
> Kindly let me know why the current design choice is made and if the
> proposed change would introduce unseen issues.
>
>
> Thanks,
> Satya

Hope this helps!
Bryan Turner



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux