Hi, Sergey Vlasov wrote: > On Tue, 27 Sep 2005 10:45:13 +0200 Matthias Urlichs wrote: > >> > If one has commit privileges, then one can already do enough >> > harm to the project without being able to remove objects nor >> > updating a ref with non-fast-forward ref. >> >> But in that case it's traceable what happened and whodunit. > > Don't forget that the user who has rights to invoke git-receive-pack > can set the "author" and "committer" fields in his commits to anything > he wants - unless you check these fields in hooks/update. Sure. I plan to; "committer" at least should match one of the user's known email addresses. In addition to that, the files will belong to the user. -- Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de - - Never count your chickens before they rip your lips off. - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Tue Sep 27 20:33:04 2005
This archive was generated by hypermail 2.1.8 : 2005-09-27 20:33:07 EST