On Fri, Aug 07, 2009 at 14:32:27 +0200, Nicolas Pouillard wrote: > > 3. SSH: Not secure, as it requires giving people shell access to the > > server. Allows file-edits that don't comply with version control. > > You can use a custom restricted shell for these users. You could only > allow to call "darcs apply".
Note that Trent Buck and Reinier Lamers have some comments about it being tricky to prevent security problems in practice about this. Also (and maybe Trent/Reinier can answer this), what about using things like jailkit? > > 5. Email (to accompany HTTP/HTTPS): Requires manual effort for patch > > application or can't return sensible error messages (if it can, then > > it can probably also serve as a spamming host). > > Manual efforts can be automated :) In case this is relevant, the Darcs manual describes a scenario where patches are automatically applied if they are GPG signed with a trusted key. http://www.darcs.net/manual/node3.html#SECTION00355000000000000000 Cheers, -- Eric Kow <http://www.nltg.brighton.ac.uk/home/Eric.Kow> PGP Key ID: 08AC04F9
pgpmEip01xRBM.pgp
Description: PGP signature
_______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
