Before I say anything, I’m not affiliated by any means with Git or its developers/designers.
That said, the worst case scenario is a malicious post-checkout script, that gets executed right after you cloned a repo, but before you have a chance to see the worktree. I know this is a real pain, especially for large teams. But it’s just better/more secure this way. Best, Gergely On Fri, Dec 15, 2017, 20:02 Satyakiran Duggina <[email protected]> wrote: > I see that `git init` creates a .git directory and hooks are to be placed > in that directory. And these hooks are not tracked by version control. To > achieve tracked hooks, either each developer has to copy the hooks or use > tools like overcommit, pre-commit, husky etc. > > I'm wondering why hooks are not made external like .gitignore. I guess it > be better to have two git configuration directories in a repo, one hosting > all the metadata managed by git and the other with user configured data > (hooks, > ignore, repo config etc). > > Kindly let me know why the current design choice is made and if the > proposed change would introduce unseen issues. > > -- > You received this message because you are subscribed to the Google Groups > "Git for human beings" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
