[QuinnWilton]

Over the past few years there's been a few vulnerabilities in Git that result from an attacker injecting hooks into a repo. I wonder whether it'd be possible / worthwhile to disable hooks by default, and only enable them on a per-repo basis.

Of course, then the goal just becomes attacking that whitelist, and all the complexity that comes with that. Security is hard.

[chatmasta]

A good starting point would be requiring a specific flag when executing any git command that should be attached to a hook. Something like git clone —-allow-hooks to enable post-checkout hooks ; or git commit —-allow-hooks to allow pre/post-commit hooks.