[darcs-users] Darcs Servers

Trent W. Buck trentbuck at gmail.com
Tue Aug 18 01:08:10 UTC 2009


Miklos Vajna <vmiklos at frugalware.org> writes:

> On Mon, Aug 17, 2009 at 12:34:13PM -0700, Jason Dagit <dagit at codersbase.com> wrote:
>> It's good that you've identified this.  Do you propose a way to
>> implement setpref so that this path of injection is not possible?
>> Once upon a time, I had written code so that the repository could
>> disallow post-hooks.  But this approach was no more secure and it was
>> not fine grained either (except in interactive use).
>
> I tried not proposing anything, as in case I say "just look at how git
> does it" some people on this list may become angry. ;-)

I, for one, would rather learn from the mistakes of others, and snarf
their good ideas, rather than repeating the former and reinventing the
latter.

> 1) A system where there are trusted users only and setprefs is handy,
> getting rid of them would be 'getting rid of a nice feature'.
>
> There you can still just symlink (for example) hooks/post-apply to
> _darcs/hooks/post-apply, so changing hooks via patches will be still
> allowed.

This strikes me as a reasonable way to lock down setpref without loss
of functionality for those that use it.  A little care would be needed
to ensure that when branching or cloning a repo ("darcs get" for both)
you get DWIM behaviour with respect to prefs being copied/not copied.

> 2) A system where not everybody is a trusted user: setpref can no
> longer be set to any problematic value, darcs is not considered
> 'insecure by design' by sysadmins.

Apart from all the other gaping holes that still need to be closed :-)


