Thomas Hartman <[email protected]> writes: > I don't use darcs hooks and only understand what I have read about > them skimming the manual. > > But my understanding is that you can pretty much get darcs to execute > arbitrary commands using prehook and posthook functionality. > > Since patch-tag is world accessible, clearly this is not a good thing :)
Is it the case that you cannot set a hook unless you have direct write access to the repo (i.e. not via darcs push)? If that's true, could you use ssh force-command to only allow end users to run darcs push, and not anything else? Also, the hook will (presumably) run as the same user that invoked "darcs transfer-mode". If that's the case, then they will hopefully have difficulty escalating to root. _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
