[darcs-users] DARCS pushable repository security question
Sean E. Russell
ser at germane-software.com
Mon Oct 20 12:42:22 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 20 October 2003 07:53, David Roundy wrote:
> It's somewhat exaggerated to make people more likely to be careful. The
> danger isn't a conventional exploit that would allow running of arbitrary
[snipping a lot of really good explaination]
You should just copy this email and stuff it in the FAQ.
> Part of the reason I haven't worried too much about this issue is because
> my feeling is that the best use of darcs *is* to run tests on a push
> server. It saves developers the trouble (and time) of testing each change
I have a more humble use for DARCS, in that I simply want a place for people
to easily submit patches. I'm going to be auditing the patches before
accepting them into a secure repository, and I'll be running tests at that
point.
- --
### SER
### Deutsch|Esperanto|Francaise|Linux|XML|Java|Ruby|Aikido|Dirigibles
### http://www.germane-software.com/~ser jabber.com:ser ICQ:83578737
### GPG: http://www.germane-software.com/~ser/Security/ser_public.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/k9g0P0KxygnleI8RAuOYAKDJ+BgUo8Dv83RC4G5l8C5uixMQKgCfdfia
L6NjgaQVS18n6+bqf6KortI=
=AOaP
-----END PGP SIGNATURE-----
More information about the darcs-users
mailing list