Re: Intricacies of submodules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 18, 2008 at 5:31 AM, Martin Langhoff
<martin.langhoff@xxxxxxxxx> wrote:
> On Thu, Apr 17, 2008 at 6:27 PM, Sverre Rabbelier <alturin@xxxxxxxxx> wrote:
>  >  >  >  Because of that an in-tree '.gitconfig' would have no security risks
>  >  >  >  as long as it is not 'used' until after the clone.
>  >  >
>  >  >  This is not true. A pre-commit hook or pre-checkout hook could be destructive.
>  >
>  >  But, those won't be executed till after the review, so everything
>  >  would be good still, wouldn't it?
>
>  No. A local review can be quite "active", involving changing branches,
>  moving patches around, and fixing sh*t up. The hooks available offer
>  plenty of danger if the repo can set them and make them active:
>
>  $ ls .git/hooks/
>  applypatch-msg  post-commit   post-update     pre-commit  update
>  commit-msg      post-receive  pre-applypatch  pre-rebase
>
AFAIK, hooks are not cloned automatically. So where do the destructive
hooks come from?

-- 
Ping Yin
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux