[darcs-users] Re: darcs and source forge equivalent

Thomas Zander zander at kde.org
Thu Jul 14 15:59:40 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 14 July 2005 16:27, Eric S. Johansson wrote:
> > The http part is for public downloads; the ssh part for private
> > uploads. Nobody that does not have a ssh account can alter your site.
>
> this is the very point I was making anyone with an SSH account can
> modify your site.  As far as I know based on the vandalism I have seen.
>   Obviously if they have changed things, that's great.

Ehm; if you can't trust your project members to not push patches that are 
not correct, then don't make them project members.
You can use file permissions to make a stable release only writable for 
you so you can control patches flowing from your project members to the 
public, stable repository.
And for the off chance that you mean that every one of the 100000 
sourceforge users can change your site, then you are wrong; basic unix 
protections will dissallow that. Well, obviously you _can_ make things 
world writable, but that means you don't have a clue about security so 
don't blame the software :)

Really, it works just fine and the concept has so many possible workflows 
you can always find one that works for you.

> > I do this on my sourceforge site; see:
> > http://uic.sf.net/_darcs/
> > where you can dargs get http://uic.sf.net
> > and if you are in the project (which , at unix level means in the
> > right group) you can write using ssh.
> > darcs push uic.sf.net/home/groups/u/ui/uic/htdocs/
>
> I noticed you use CVS on that site instead of advertising darcs?

Thats legacy; most members have used cvs for many years, so I only moved 
the www repository and not the main source repository.
I do use darcs at home for the sources and sync to cvs occasionally.
- -- 
Thomas Zander
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFC1ovtCojCW6H2z/QRAhvOAJsFcX+++PYCSNkrcn1gJM88Ats2eQCgrMU0
kXO9Zc+ntg/j5LJ5ZafvRqA=
=nAZG
-----END PGP SIGNATURE-----




More information about the darcs-users mailing list