From: "Shawn O. Pearce"
Subject: Re: [PATCH 0/2] upload-pack: pre- and post- hooks
Date: Mon, 1 Feb 2010 08:36:18 -0800
Message-ID: <20100201163618.GB9394@spearce.org>
To: Nicolas Pitre
Cc: Arun Raghavan, git@vger.kernel.org

Nicolas Pitre wrote:
> On Mon, 1 Feb 2010, Shawn O. Pearce wrote:
> I think such hooks could be allowed only if triggered explicitly by the
> upload-pack caller, such as git-daemon. That's probably the only
> scenario where a useful use case can be justified for them anyway.
>
> And of course, to avoid any security problems, the actual hooks must not
> be provided by the repository owner but provided externally, like from
> git-daemon, via some upload-pack command line arguments. This way the
> hooks are really controlled by the system administrator managing
> git-daemon and not by any random git repository owner.
>
> That should be good enough for all the use cases those hooks were
> originally designed for.

Oooh, I like that. If the paths to the hooks are passed in on
the command line of git-upload-pack, and git-daemon takes those
options and passes them through, you're right, we probably get
everything we need.

Gitosis can still use the hooks if it wants, since it controls the
call of git-upload-pack.

--
Shawn.