On Thu, Apr 25 2019, brian m. carlson wrote: > On Tue, Apr 23, 2019 at 07:34:38PM -0700, Jonathan Nieder wrote: >> Hi, >> >> brian m. carlson wrote: >> >> > I've talked with some people about this approach, and they've indicated >> > they would prefer a configuration-based approach. >> >> I would, too, mostly because that reduces the problem of securing >> hooks to securing configuration. See >> https://public-inbox.org/git/20171002234517.GV19555@xxxxxxxxxxxxxxxxxxxxxxxxx/ >> for more on this subject. > > I know this is a common issue, but fixing it is a non-goal for this > series. Anything we do here is going to have to be backwards compatible, > so we can't make any changes to the security model. Agreed on the problem, and on the non-goal for solving it as part of this series. >> Solving (1) without (2) feels like a bit of a missed opportunity to >> me. Ideally, what I would like is >> >> i. A central registry of trustworthy Git hooks that can be upgraded >> using the system package manager to address (2). Perhaps just >> git-hook-* commands on the $PATH. >> >> ii. Instead of putting hooks in .git/hooks, put a list of hooks to >> run for each event in .git/config. > > The problem I had with this when discussing it was that our > configuration system lacks a good way to control inheritance from outer > files. I recently was working with a system-wide gitconfig file that > referred to files I didn't have, and my Git installation was subtly > broken in a variety of ways. > > If I have a system-wide hook to run for company code, but I have a > checkout for my personal dotfiles on my machine where I don't want to > run that hook, our configuration lacks a way for me to disable that > system-wide configuration. However, using our current system, I can > override core.hooksPath in this case and everything works fine. > > I mentioned this for completeness, and because I hope that some of those > people will get some time to chime in here, but I think without that > feature, we end up with a worse experience than we have now. I sent a proposal for this last year "How to undo previously set configuration?": https://public-inbox.org/git/874lkq11ug.fsf@xxxxxxxxxxxxxxxxxxx/ Obviously the main bottleneck is someone like me working on patching it, but in this case it would be very useful if those who are interested in this could look that proposal over and bikeshed it / point out issues I may have missed, i.e. "no, this categorically won't work with this proposed syntax due to XYZ you haven't thought of...". Because we don't have some general config facility for this it keeps coming up, and various existing/proposed options have their own little custom hacks for doing it, e.g. this for Barret Rhoden's proposed "blame skip commits" feature https://public-inbox.org/git/878swhfzxb.fsf@xxxxxxxxxxxxxxxxxxx/ (b.t.w. I *meant* /dev/null in that E-Mail, but due to PEBCAK wrote /dev/zero).
