From: Satyakiran Duggina <firstname.lastname@example.org>
To: Bryan Turner <email@example.com>
Cc: Git Users <firstname.lastname@example.org>
Subject: Re: Git Hooks
Date: Fri, 15 Dec 2017 12:48:07 -0800 [thread overview]
Message-ID: <CAMZug26A0e=AunMOjZNC_xH2E5uqHe46mt6=jawWe7ozF=Jn0Q@mail.gmail.com> (raw)
To give the code pullers a chance to review, can we not have a
`trusted-hooks: default` and `trusted-SHA: <some sha>` field in .git/.
I'm assuming githooks/ are source tracked here.
When developer tries to execute `git commit`, git can ask developer to
change `trusted-hooks` field to true or false. Let's say developer
sets it to true, git can record the SHA. If any latest pull has the
hooks changed, git can revert the `trusted-hook` to default.
This way there is not much hassle for developers to manually copy
hooks all the time. And at the same time, they are not running scripts
that they haven't reviewed.
Will this work?
On Fri, Dec 15, 2017 at 11:23 AM, Bryan Turner <email@example.com> wrote:
> On Fri, Dec 15, 2017 at 11:12 AM, Satyakiran Duggina
> <firstname.lastname@example.org> wrote:
>> I see that `git init` creates a .git directory and hooks are to be
>> placed in that directory and these hooks are not tracked by version
>> control. To achieve tracked hooks, either each developer has to copy
>> the hooks or use tools like overcommit, pre-commit, husky etc.
>> I'm wondering why hooks are not made external like .gitignore. I guess
>> it would be better to have two git configuration directories in a
>> repo, one hosting all the metadata managed by git and the other with
>> user configured data (hooks, ignore/exclude, repo config etc).
> Hooks are not external because they're not trusted. It essentially
> amounts to allowing someone to download an arbitrary script or program
> onto your computer which you then execute. It's extremely unsafe, and
> is intentionally not possible. To get hooks in your instance, you have
> to _manually_ install them. This gives you a chance to _review_ them
> before they start executing on your system. Any other approach and the
> hooks become an attack vector.
>> Kindly let me know why the current design choice is made and if the
>> proposed change would introduce unseen issues.
> Hope this helps!
> Bryan Turner
Regards & Thanks
Satya Kiran Duggina
next prev parent reply other threads:[~2017-12-15 20:48 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-15 19:12 Git Hooks Satyakiran Duggina
2017-12-15 19:23 ` Bryan Turner
2017-12-15 20:48 ` Satyakiran Duggina [this message]
2017-12-16 9:53 ` Jeff King
2017-12-19 13:55 ` Allowing remote git repos to set config & hook configuration Ævar Arnfjörð Bjarmason
-- strict thread matches above, loose matches on Subject: below --
2009-09-16 23:24 Git Hooks daicoden
2009-09-16 23:31 ` Junio C Hamano
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).