[darcs-users] DARCS pushable repository security question

Sean E. Russell ser at germane-software.com
Mon Oct 20 12:42:22 UTC 2003


On Monday 20 October 2003 07:53, David Roundy wrote:
> It's somewhat exaggerated to make people more likely to be careful.  The
> danger isn't a conventional exploit that would allow running of arbitrary

[snipping a lot of really good explanation]

You should just copy this email and stuff it in the FAQ.

> Part of the reason I haven't worried too much about this issue is because
> my feeling is that the best use of darcs *is* to run tests on a push
> server.  It saves developers the trouble (and time) of testing each change

I have a more humble use for DARCS, in that I simply want a place for people 
to easily submit patches.  I'm going to be auditing the patches before 
accepting them into a secure repository, and I'll be running tests at that 
point.

-- 
### SER   
### Deutsch|Esperanto|Francaise|Linux|XML|Java|Ruby|Aikido|Dirigibles
### http://www.germane-software.com/~ser  jabber.com:ser  ICQ:83578737 
### GPG: http://www.germane-software.com/~ser/Security/ser_public.gpg