On Thu, Apr 17, 2008 at 11:25 PM, Martin Langhoff <martin.langhoff@xxxxxxxxx> wrote:
> On Thu, Apr 17, 2008 at 6:00 PM, Sverre Rabbelier <alturin@xxxxxxxxx> wrote:
> > provide any hooks to execute things (which of course includes changing
> > the environment) it should be fine, but if it is, it should be ignored
> > till after clone has finished.
>
> It should not be allowed at all. After the clone is the review, and
> that has to be safe too.

I reckon review is done without using git, I don't see how it would
pose a security risk.

> > Because of that an in-tree '.gitconfig' would have no security risks
> > as long as it is not 'used' until after the clone.
>
> This is not true. A pre-commit hook or pre-checkout hook could be destructive.

But, those won't be executed till after the review, so everything
would be good still, wouldn't it?

Cheers,

Sverre Rabbelier