On Thu, Apr 17, 2008 at 6:00 PM, Sverre Rabbelier <alturin@xxxxxxxxx> wrote: > provide any hooks to execute things (which of course includes changing > the environment) it should be fine, but if it is, it should be ignored > till after clone has finished. It should not be allowed at all. After the clone is the review, and that has to be safe too. > Because of that an in-tree '.gitconfig' would have no security risks > as long as it is not 'used' until after the clone. This is not true. A pre-commit hook or pre-checkout hook could be destructive. cheers, m -- martin.langhoff@xxxxxxxxx martin@xxxxxxxxxx -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
