[MERGE][RFC] Enhanced hooks

Aaron Bentley aaron at aaronbentley.com
Wed Feb 6 07:22:23 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian Clatworthy wrote:

> 1. Scripts to run when hooks are triggered can now be defined in
>    configuration files. Multiple scripts can be given for each
>    hook and each hook is named.

Until I read your wiki page, I did not realize you were contemplating
hooks in branch.conf.  Since this file may be controlled by another
user, this opens the door to malicious activity.  It's something I tried
very hard to guard against happening, which is why gpg_signing_command
cannot be specified in branch.conf.

Should anyone pursue the idea of configuration files, I strongly suggest
that branch.conf be considered untrusted by default.

Aaron

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHqWAv0F+nu1YWqI0RAi53AJ9kW3KT2ypZIKToBgueRQQcxDuWMgCeNlwm
LYpYpzIpGMFfmywOIz8G6zo=
=Te0w
-----END PGP SIGNATURE-----



More information about the bazaar mailing list