On Wed, Apr 24 2019, Jonathan Nieder wrote:
> Hi, > > brian m. carlson wrote: > >> I've talked with some people about this approach, and they've indicated >> they would prefer a configuration-based approach. > > I would, too, mostly because that reduces the problem of securing > hooks to securing configuration. See > https://public-inbox.org/git/[email protected]/ > for more on this subject. I hadn't noticed this E-Mail when I later wrote similar musings on the subject: https://public-inbox.org/git/[email protected]/ https://public-inbox.org/git/[email protected]/ I.e. what I wanted out of it was an in-repository .gitconfig instead of inspecting some some random repo with a .git/config. But the problem to be solved is the same: The ability to carefully poke a config file with a stick at a distance, and carefully whitelist which parts of it (if any) you want to trust.
