Re: Trust issues with hooks and config files

2014-03-09 Thread Julian Brost
On 07.03.2014 22:04, Jeff King wrote:
> Yes, this is a well-known issue. The only safe operation on a
> repository for which somebody else controls hooks and config is to
> fetch from it (upload-pack on the remote repository does not
> respect any da

Trust issues with hooks and config files

2014-03-06 Thread Julian Brost
Hi, I've noticed some behavior of git that might lead to some security issues if the user is not aware of this. Assume we have an evil user on a system, let's call him Eve. He prepares a repository where he allows other users to push changes to. If