)]}'
{
  "commit": "40252c20f75188147558c0135bf71de907e01442",
  "tree": "d20ffbc8160430782680e10ce121b678cdc8e940",
  "parents": [
    "69297c1b771bbbd05b63e965a524de6860d15d8c"
  ],
  "author": {
    "name": "Mike Frysinger",
    "email": "vapier@google.com",
    "time": "Mon Aug 15 21:23:44 2016 -0400"
  },
  "committer": {
    "name": "Mike Frysinger",
    "email": "vapier@google.com",
    "time": "Tue Aug 16 13:02:52 2016 -0400"
  },
  "message": "RepoHook: allow users to approve hooks via manifests\n\nThe constant prompting when registered hooks change can be tedious and\nhas a large multiplication factor when the project is large (e.g. the\nAOSP).  It gets worse as people want to write more checks, hooks, docs,\nand tests (or fix bugs), but every CL that goes in will trigger a new\nprompt to approve.\n\nLet\u0027s tweak our trust model when it comes to hooks.  Since people start\noff by calling `repo init` with a URL to a manifest, and that manifest\ndefines all the hooks, anchor trust in that.  This requires that we get\nthe manifest over a trusted link (e.g. https or ssh) so that it can\u0027t\nbe MITM-ed.  If the user chooses to use an untrusted link (e.g. git or\nhttp), then we\u0027ll fallback to the existing hash based approval.\n\nBug: Issue 226\nChange-Id: I77be9e4397383f264fcdaefb582e345ea4069a13\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "918ee09c95c111f46a2e0fde44d55a36030af2ce",
      "old_mode": 33188,
      "old_path": "project.py",
      "new_id": "7f9a8957694e383b98cb57604ad8733de8391ad0",
      "new_mode": 33188,
      "new_path": "project.py"
    },
    {
      "type": "modify",
      "old_id": "674fc17dfc34d87874a3b9d071d291b7e48f0227",
      "old_mode": 33188,
      "old_path": "subcmds/upload.py",
      "new_id": "4b05f1e862211bbff67ab4c2743c160b23980266",
      "new_mode": 33188,
      "new_path": "subcmds/upload.py"
    }
  ]
}