[darcs-users] patcher without a user

John Meacham john at repetae.net
Tue Jul 29 18:27:34 UTC 2003 

On Tue, Jul 29, 2003 at 07:04:09AM -0400, David Roundy wrote:
> That's a cool trick! :) The one thing to be careful about is that giving
> someone access to your darcs-patcher repository pretty much gives them the
> ability to do whatever they want as the user it runs under, because they
> can modify the darcs_test script to run arbitrary code.  So you'll want to
> be especially careful to only allow the gnupg keys of users you really
> trust.

Something I have thought about implementing is writing a version of
darcs-patcher which accepts patches from anyone, but only applys
automatically those with valid signatures and others are placed into a
'pending pool' which would be published publicly via a web interface.
then people can grab 'untested' patches from anyone if they fix a bug
they are interested in and main developers with gpg keys could integrate
them if they seem worthy of the main trunk. a 'voting' type distributed
thing could also be done to decide what goes into the main trunk. I
wanted to do something like this for cvs a while ago, but I think darcs
patch-model works much better since it allows more cherry-picking of
patches you are interested in. some sort of public comment procedure on
patches could also work, or perhaps integration with a mailing list. I
think there are a lot of interesting things to explore there.

There is probably room for several web/patcher backends to darcs
depending on the exact application used. something integrated with
bugzilla might be handy for some while others have no need for instance.
plus, it makes a good basis for collaborative tools, such as a wiki type
application. its simple HTTP pull and email push protocol mean that
anyone can write backends easily to their needs, I think this will turn
out to be a major advantage of darcs.

> > thought i'd share my experience, hope this helps someone.
> 
> Oh it's very interesting.  I never thought of this... I'm wondering now
> whether it would be a better plan to redesign the darcs-createrepo to have
> there be one darcs-patcher user that owns several repositories.  Then the
> darcs-server package could create the user when it is installed, and
> createrepo wouldn't ever again have to mess with a new user!  Probably I'd
> use the /etc/aliases route... but this is definitely a job for after
> 0.9.12, if at all.

Yeah, that would be nice, adding users is not always practical for
various reasons and there is no need for it to be manditory. rather than
doing the HOME trick i mentioned before, darcs-patcher could just take a
command line option telling it which allowed_keys and whiche repo to
use. 

Actually, would there be any way to place what 'repo' a patch should be
applied to into the mail that is sent via push somehow? then we can completly
divorce the operation of darcs-patcher from the particular email address
patches are sent too, this will help with people that use procmail to grab
patches out of their inbox or off mailing lists. A file somewhere in
_darcs which is automatically appendended to outgoing pushs would be
fine, then whoever the user pulls from can set the policy for what extra info
should be returned in their 'push's. although perhaps there is a better
mechanism in place..

just some thoughts...
        John

-- 
---------------------------------------------------------------------------
John Meacham - California Institute of Technology, Alum. - john at foo.net
---------------------------------------------------------------------------

More information about the darcs-users mailing list