severity 727122 normal tags 727122 - security thanks Hi!
* Bastien ROUCARIÈS <bastien.roucar...@u-cergy.fr> [2013-10-22 15:01:59 CEST]: > By default gitolite3 install create a test repo (see gitolite.conf) > repo testing: > RW+ = @all That's right. > This repositionnery is writtable by every one and could lead to distant dos > (disk full). No, it's not writable by everyone. It's writable by people whose key have been added. In that respect the testing repository is no different attack vector than any other repository you create for giving people write access. I agree that creating a testing repository might not be really useful for the usual installations, and I guess most people have removed that on their gitolite(3) installation, but that's not a dos attack vector than any other "regular" repository you grant access to. Enjoy, Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los | -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org