On Wed, Apr 24 2019, Jonathan Nieder wrote: > Hi, > > brian m. carlson wrote: > >> I've talked with some people about this approach, and they've indicated >> they would prefer a configuration-based approach. > > I would, too, mostly because that reduces the problem of securing > hooks to securing configuration. See > https://public-inbox.org/git/20171002234517.GV19555@xxxxxxxxxxxxxxxxxxxxxxxxx/ > for more on this subject. I hadn't noticed this E-Mail when I later wrote similar musings on the subject: https://public-inbox.org/git/87zi6eakkt.fsf@xxxxxxxxxxxxxxxxxxx/ https://public-inbox.org/git/874lkq11ug.fsf@xxxxxxxxxxxxxxxxxxx/ I.e. what I wanted out of it was an in-repository .gitconfig instead of inspecting some some random repo with a .git/config. But the problem to be solved is the same: The ability to carefully poke a config file with a stick at a distance, and carefully whitelist which parts of it (if any) you want to trust.
