Daniel P. Berrangé wrote: > On Fri, Aug 10, 2018 at 11:27:43AM +0200, Pierre-Yves Chibon wrote: >> On Fri, Aug 10, 2018 at 10:16:13AM +0100, Daniel P. Berrangé wrote: >>> ability to write to git, but there are a variety of ways to deal with that. >> >> I'm pretty sure we used to do this at one point but one of the issue is that >> tags are no immutable, packagers can change them even if we block force push. >> I believe this is why we no longer do this :) > > A git commit "update" hook can be used to block deletion or modification > of any existing tags.
Indeed. The default update hook provides exactly such a
capability (as well as others to prevent deletion of tags
and pushing lightweight tags). The tag can be found in the
git source:
https://git.kernel.org/pub/scm/git/git.git/tree/templates/hooks--update.sample
and in the git-core package:
/usr/share/git-core/templates/hooks/update.sample
Similarly, a hook could be used to disallow the tagging
service from writing to anything outside of refs/tags to
help allay the concerns about a service having write access
to the git repositories.
Also, many thanks to Pingou and everyone who helped to add
this feature!
--
Todd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disobedience, n. The silver lining to the cloud of servitude.
-- Ambrose Bierce, "The Devil's Dictionary"
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/67SF65KTHOFV2DG7TKHMTDBPJR742M7C/
