On 02/20/2018 08:42 AM, Jeff King wrote:>> [...] >> >> Is there a way for “pre-receive” to individually filter [refs]? I was >> under the impression that the only way to do that was to use the >> “update” hook, which was the reason I wanted to model it after “update” >> rather than “pre-receive” (my use case being a check independent for >> each pushed ref) > > No, pre-receive is always atomic. However, that may actually be what you > want, if the point is to keep untrusted data out of the repository. By > rejecting the whole thing, we could in theory keep the objects from > entering the repository at all. This is how the push side works via the > "quarantine" system (which is explained in git-receive-pack(1)). > Fetching doesn't currently quarantine objects, but it probably wouldn't > be very hard to make it do so. Oh, I didn't think about quarantining behavior, indeed! So I guess, following your answer as well as Jake's, I'll try to implement a pre-receive-like hook, and will come back to this list when I'll have a tentative implementation. Thanks for the advice! :)
