> 1) git allows anyone with write access to damage your history with
> 'git push -f'. While this is OK for a very-decentralized project like
> Linux, it doesn't work well for projects that have a central
> repository with hundreds of writers.
That's what receive.denyNonFastForwards is for.
Of course for any reasonable complex setup you probably want to write an update hook anyway.