| commit | bf7d977f8c9a01b4decab2ecbd1ba02203e5a8bc | |
| author | Ævar Arnfjörð Bjarmason <avarab@gmail.com> | |
| Wed, 4 May 2016 22:58:10 +0000 (4 22:58 +0000) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Wed, 4 May 2016 23:22:48 +0000 (4 16:22 -0700) | ||
| tree | 0b1307bf7fcc9752ab5c329a7f14fdec47805633 | treesnapshot (tar.gz zip) |
| parent | 49fa52fd003ece5ea997607167bc5aaec3ff61af | commitdiff |
githooks.txt: amend dangerous advice about 'update' hook ACL
Any ACL you implement via an 'update' hook isn't actual access control
if the user has login access to the machine running git, because they
can trivially just build their own version of Git which doesn't run the
hook.
Change the documentation to take this dangerous edge case into account,
and remove the mention of the advice originating on the mailing list,
the users reading this don't care where the idea came up.
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Any ACL you implement via an 'update' hook isn't actual access control
if the user has login access to the machine running git, because they
can trivially just build their own version of Git which doesn't run the
hook.
Change the documentation to take this dangerous edge case into account,
and remove the mention of the advice originating on the mailing list,
the users reading this don't care where the idea came up.
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| Documentation/githooks.txt | diffblobblamehistory |