The pre-commit action defaults to running with '--all-files', which is
great for the other action. For copyright-lint, however, it is wrong to
assume that all files were changed by a single entity, and therefore this
can't be tested easily. It could work if a range of files were passed and
the author email extracted from each commit.

Many people reported problems with the installation command; most of
them had typos, which is understandable given the long command. Tar is
available even on minimal templates. Using tar is not more dangerous
than using qfile-unpacker in this case because the project has no signed
archives and passing a directory to dom0 is insecure. Considering a git
repo, an attacker could find information in the .git directory or modify
files and add them to git exclude, which won't be noticed when verifying
the commit signature.

In the future, if a signed tarball were to be provided, qvm-run and a
pipe would be used instead, making the command even simpler.