[darcs-devel] [issue1515] create checklist of potential security issues trying to give darcs-only access to a repo
bugs at darcs.net
Sun Aug 9 00:02:04 UTC 2009
New submission from Eric Kow <kowey at darcs.net>:
Trent from msg8043:
> I'm happy with WONTFIXing this (and the other) gaping security holes
> if we document VERY explicitly that you cannot give darcs push access
> to a user without also giving them a full shell.
> I'm not sure where this caveat should be tacked on; certainly darcs
> help should mention it, but in which command?
> I'd also very much like a detailed list of known exposures on a wiki
> page, so that anyone who thinks "pshaw, I can lock down darcs apply!"
> will have a checklist of things to address.
nosy: dmitry.kurochkin, kowey, simon, thorkilnaur, twb
title: create checklist of potential security issues trying to give darcs-only access to a repo
Darcs bug tracker <bugs at darcs.net>
More information about the darcs-devel