On 20/05/14 06:53 PM, josh@joshtriplett.org wrote:
> How feasible is it to support git hooks that want to construct and send
> (significant volumes of) email, while retaining the security and
> sandboxing currently being applied to git repositories?

It's feasible, but I can't make this a free-for-all, for obvious
reasons. :) With gitolite, hooks execute as the same user "git" and
therefore any code running inside a hook has unfettered access to all
git repositories regardless of in-gitolite repository permissions.

What we can do is have a peer-reviewed collection of "blessed" hooks
available to developers. Not being a kernel dev myself, I'm not the one
to put such a collection together, though -- I'm not even sure if such a
cookie-cutter approach would be suitable.

I guess what I'm really trying to say is that I'd rather avoid having to
continuously review code written by people to whom "you write perl like
it's C" is a compliment. ;) If we can get by with a handful of standard
hooks, I'm for it, though.

Best,
-- 
Konstantin Ryabitsev
Senior Systems Administrator
Linux Foundation Collab Projects
Montréal, Québec