undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9398e5aa16
git-commit-vandalism/contrib
History
Shawn O. Pearce 9398e5aa16 Contribute a fairly paranoid update hook 
I'm using a variant of this update hook in a corporate environment
where we perform some validations of the commits and tags that
are being pushed.  The model is a "central repository" type setup,
where users are given access to push to specific branches within
the shared central repository.  In this particular installation we
run a specially patched git-receive-pack in setuid mode via SSH,
allowing all writes into the repository as the repository owner,
but only if this hook blesses it.

One of the major checks we perform with this hook is that the
'committer' line of a commit, or the 'tagger' line of a new annotated
tag actually correlates to the UNIX user who is performing the push.
Users can falsify these lines on their local repositories, but
the central repository that management trusts will reject all such
forgery attempts.  Of course 'author' lines are still allowed to
be any value, as sometimes changes do come from other individuals.

Another nice feature of this hook is the access control lists for
all repositories on the system can also be stored and tracked in
a supporting Git repository, which can also be access controlled
by itself.  This allows full auditing of who-had-what-when-and-why,
thanks to git-blame's data mining capabilities.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2007-04-19 23:27:09 -07:00
..
blameview blameview: Fix the browse behavior in blameview 2007-02-27 21:41:48 -08:00
completion Remove git-diff-stages. 2007-02-12 19:33:03 -08:00
continuous contrib/continuous: a continuous integration build manager 2007-03-19 22:21:19 -07:00
emacs Merge branch 'maint' 2007-04-05 16:34:51 -07:00
examples Make gc a builtin. 2007-03-17 00:34:19 -07:00
fast-import Use gunzip -c over gzcat in import-tars example. 2007-02-21 11:09:57 -05:00
gitview [PATCH] Rename git-repo-config to git-config. 2007-01-28 16:16:53 -08:00
hg-to-git Add hg-to-git conversion utility. 2007-02-05 13:52:45 -08:00
hooks Contribute a fairly paranoid update hook 2007-04-19 23:27:09 -07:00
vim contrib/vim: update syntax for changed commit template 2007-01-22 20:40:26 -08:00
workdir contrib/workdir: add a simple script to create a working directory 2007-03-31 01:26:28 -07:00
README Add contrib/README. 2006-02-17 13:33:14 -08:00
remotes2config.sh [PATCH] Rename git-repo-config to git-config. 2007-01-28 16:16:53 -08:00

README 

Contributed Software

Although these pieces are available as part of the official git
source tree, they are in somewhat different status.  The
intention is to keep interesting tools around git here, maybe
even experimental ones, to give users an easier access to them,
and to give tools wider exposure, so that they can be improved
faster.

I am not expecting to touch these myself that much.  As far as
my day-to-day operation is concerned, these subdirectories are
owned by their respective primary authors.  I am willing to help
if users of these components and the contrib/ subtree "owners"
have technical/design issues to resolve, but the initiative to
fix and/or enhance things _must_ be on the side of the subtree
owners.  IOW, I won't be actively looking for bugs and rooms for
enhancements in them as the git maintainer -- I may only do so
just as one of the users when I want to scratch my own itch.  If
you have patches to things in contrib/ area, the patch should be
first sent to the primary author, and then the primary author
should ack and forward it to me (git pull request is nicer).
This is the same way as how I have been treating gitk, and to a
lesser degree various foreign SCM interfaces, so you know the
drill.

I expect that things that start their life in the contrib/ area
to graduate out of contrib/ once they mature, either by becoming
projects on their own, or moving to the toplevel directory.  On
the other hand, I expect I'll be proposing removal of disused
and inactive ones from time to time.

If you have new things to add to this area, please first propose
it on the git mailing list, and after a list discussion proves
there are some general interests (it does not have to be a
list-wide consensus for a tool targeted to a relatively narrow
audience -- for example I do not work with projects whose
upstream is svn, so I have no use for git-svn myself, but it is
of general interest for people who need to interoperate with SVN
repositories in a way git-svn works better than git-svnimport),
submit a patch to create a subdirectory of contrib/ and put your
stuff there.

-jc