Why isn't hook file cloned to bared repository ?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Why isn't hook file cloned to bared repository ?

Emily Ren
Hi,

I added file "update" in my git repository my_repo/.git/hooks/,  then
I run command "git clone --bare my_repo" to generate a bared
repository my_repo.git. But there's no update in my_repo.git/hooks.

Do you know why ?

Thanks,
Emily
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reply | Threaded
Open this post in threaded view
|

Re: Why isn't hook file cloned to bared repository ?

Bryan Donlan
On Wed, Mar 4, 2009 at 12:40 AM, Emily Ren <[hidden email]> wrote:
> Hi,
>
> I added file "update" in my git repository my_repo/.git/hooks/,  then
> I run command "git clone --bare my_repo" to generate a bared
> repository my_repo.git. But there's no update in my_repo.git/hooks.
>
> Do you know why ?

Because allowing code from an untrusted third-party repository to be
executed automatically without giving a chance to examine it is not a
very good idea from a security standpoint. In addition, hooks are
often not of interest to the person cloning the repository. Because of
these reasons, git clone will not copy hooks from the source
repository (for consistency, this is the case even when the source is
local).
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reply | Threaded
Open this post in threaded view
|

Re: Why isn't hook file cloned to bared repository ?

Johannes Schindelin
Hi,

On Wed, 4 Mar 2009, Bryan Donlan wrote:

> On Wed, Mar 4, 2009 at 12:40 AM, Emily Ren <[hidden email]> wrote:
>
> > I added file "update" in my git repository my_repo/.git/hooks/,  then
> > I run command "git clone --bare my_repo" to generate a bared
> > repository my_repo.git. But there's no update in my_repo.git/hooks.
> >
> > Do you know why ?
>
> Because allowing code from an untrusted third-party repository to be
> executed automatically without giving a chance to examine it is not a
> very good idea from a security standpoint. In addition, hooks are
> often not of interest to the person cloning the repository. Because of
> these reasons, git clone will not copy hooks from the source
> repository (for consistency, this is the case even when the source is
> local).
I might add that hooks are not part of the repository.  They are not
versioned, for example.

Having said that, nothing prevents you from committing a set of example
hooks and a script to install them, and tell your users that they may
install default hooks using that script.  I do that for one of my
projects.

Ciao,
Dscho