On Thu, Apr 17, 2008 at 6:27 PM, Sverre Rabbelier <alturin@xxxxxxxxx> wrote: > > > Because of that an in-tree '.gitconfig' would have no security risks > > > as long as it is not 'used' until after the clone. > > > > This is not true. A pre-commit hook or pre-checkout hook could be destructive. > > But, those won't be executed till after the review, so everything > would be good still, wouldn't it? No. A local review can be quite "active", involving changing branches, moving patches around, and fixing sh*t up. The hooks available offer plenty of danger if the repo can set them and make them active: $ ls .git/hooks/ applypatch-msg post-commit post-update pre-commit update commit-msg post-receive pre-applypatch pre-rebase cheers, m -- martin.langhoff@xxxxxxxxx martin@xxxxxxxxxx -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
