[MERGE][RFC] Enhanced hooks
Robert Collins
robertc at robertcollins.net
Wed Feb 6 21:11:26 GMT 2008
On Wed, 2008-02-06 at 07:53 -0600, John Arbash Meinel wrote:
>
>
> Consider, one solution would be to require hooks to be gpg signed,
> and
> then give a list of keys that you are willing to trust the hooks. It
> would be possible, but it really starts adding a lot of complexity. I
> think it is far easier to have someone install the
> "site-configuration
> for company Foo" plugin.
I think the right answer for getting centralised config is having the
hooks installed on a server, and requiring bzr+ssh access be used to
that server.
This avoids all the security issues (the client does not run the hooks),
an deployment and versioning issues.
-Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20080207/967f5435/attachment.pgp
More information about the bazaar
mailing list