[MERGE][RFC] Enhanced hooks

[Robert Collins]

On Wed, 2008-02-06 at 15:14 -0600, John Arbash Meinel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Robert Collins wrote:
> | On Wed, 2008-02-06 at 07:53 -0600, John Arbash Meinel wrote:
> |>
> |> Consider, one solution would be to require hooks to be gpg signed,
> |> and
> |> then give a list of keys that you are willing to trust the hooks. It
> |> would be possible, but it really starts adding a lot of complexity. I
> |> think it is far easier to have someone install the
> |> "site-configuration
> |> for company Foo" plugin.
> |
> | I think the right answer for getting centralised config is having the
> | hooks installed on a server, and requiring bzr+ssh access be used to
> | that server.
> |
> | This avoids all the security issues (the client does not run the hooks),
> | an deployment and versioning issues.
> |
> | -Rob
> |
> 
> Well, if you want people to conform to a given commit message template,
> even when they are working on a plane....

Sure, but they can just remove the plugin. Or edit the branch.conf to
remove the pointer. 

BTW the plugins I was suggesting in .bzr/plugins would not propogate
with fetch operations. I don't know if that was clear - they would be
separate, just a place to put them to make them affect a branch only.

> There are certainly lots of different use cases. I agree that having a
> central machine do some of the work is a decent solution. It certainly
> shares some ideas with our PQM model.

Indeed. PQM has some friction, but its designed to do long tasks; these
plugins probably should not be making commits take hours :)

-Rob
-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20080207/bc9e3828/attachment.pgp